Remote Desktop Identity Theft

— Brought to you by the 2X Cloud Computing Team —

With growing business demands and shrinking IT budgets, companies are under pressure to raise productivity with limited resources. Virtualization and Remote Desktop Services offer a great advantage to companies by optimizing network resources. While virtualization tools create virtual machines that run on a hypervisor, Remote Desktop Services run on a terminal server. The change of name from Windows Terminal Services to Remote Desktop Services (RDS) in Windows Server 2012 R2 speaks volumes of enhancements in this segment. While RDS offers greater flexibility in providing location-independent networks, remote desktop identity theft has become a concern in recent times. Hackers are finding ways to access open connections in corporate networks. If a connection is established, hackers can access critical data, perform illegal transactions or use the server to intrude into other networks. This is why companies need to ensure that remote desktop connections are highly secured.

How do hackers gain access to RDP servers?

In a remote desktop environment, users connect remotely to a terminal server on port 3389. When the user requests a connection, the terminal server checks for authentication and creates a unique session. The level of access to network resources is also restricted according to the privileges allotted to the user. Today, there are millions of remote desktop connections providing remote access to users, and these remote networks contain several open ports. Hackers are eyeing these open ports to make their way into the network. They do so by scanning thousands of IP addresses, looking for open ports, and using brute force against those ports to gain access to a Remote Desktop connection. Unauthorized access of this kind can cause considerable damage to companies.

How to prevent remote desktop identity theft?

To ensure a secure, high-performance remote desktop infrastructure, companies need to follow certain security measures. Here are some recommendations.

  • Powerful Password policy

Companies need to ensure that users create strong passwords that cannot be easily hacked. A password protection policy forces users to create passwords with a combination of numbers, letters, and special characters. At the same time, passwords need to be changed regularly. Common passwords like admin, test or password should not be used. Moreover, you can create an account lockout policy based on unsuccessful login attempts.

  • Changing RDP port

While the default RDP connection port is 3389, you can try using another one. If possible, companies can associate the RDP port with specific IP addresses. For instance, companies can restrict remote access to specific office locations; however, this may not be feasible when you provide network access to users who frequently travel. In addition, you can use an RDP gateway to confine traffic to a single gateway for restricted access.

  • Securing RDP connections

Creating a virtual private network (VPN) tunnel to secure your RDP connections is a good idea. In a VPN tunnel, encryption of traffic ensures secure connections. Using Network Level Authentication adds to the security of an RDP connection because credentials are authenticated before a remote connection is provided.
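
A read-only audit of the three measures above on a single Windows RDS host, as an added example that is not part of the original article or any 2X tooling. It assumes an elevated PowerShell session on Windows Server 2012 or later (for the NetSecurity firewall cmdlets); the temp file name is arbitrary.

```powershell
# Added example: checks password/lockout policy, RDP port and source
# restriction, and Network Level Authentication. Changes nothing on the host.
$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp      = Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp"
$port     = [int]$rdp.PortNumber
$findings = @()

if ((Get-ItemProperty -Path $tsKey).fDenyTSConnections -ne 0) {
    'Remote Desktop is disabled on this host; settings are reported anyway.'
}

# 1. Password and lockout policy: export the effective policy and parse it.
$cfg = Join-Path $env:TEMP 'rdp-audit-secpol.inf'   # arbitrary file name
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

if ($policy['PasswordComplexity'] -ne 1) { $findings += 'Password complexity is not enforced' }
if ($policy['MaximumPasswordAge'] -le 0) { $findings += 'Passwords never expire' }
if (-not $policy['LockoutBadCount'])     { $findings += 'No account lockout threshold is set' }

# 2. Port and source addresses: flag the default port and any enabled inbound
#    allow rule that names this port and accepts every remote address.
#    (Rules written as port ranges or "Any" port are outside this check.)
if ($port -eq 3389) { $findings += 'RDP listens on the default port 3389' }
$openRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$port" } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
foreach ($rule in $openRules) {
    $findings += "Firewall rule '$($rule.DisplayName)' allows port $port from any address"
}

# 3. Network Level Authentication: 1 means credentials are checked before a session.
if ($rdp.UserAuthentication -ne 1) { $findings += 'Network Level Authentication is not required' }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { 'No findings for the three measures checked.' }
```

Group Policy can override the registry values read here, so on domain-joined hosts compare the result with the applied policy.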

About 2X Software

2X Software is a global leader in virtual desktop and application delivery, remote access and cloud computing solutions. Thousands of enterprises worldwide trust in the reliability and scalability of 2X products. 2X offers a range of solutions to make every company’s shift to cloud computing simple and affordable. For additional information, visit
