On my home Windows 10 machine, I have port forwarded Microsoft's RDP port (3389) via my router to port (20202). Thus, I can remotely access the Windows 10 machine via the Microsoft Remote Desktop application on my Mac by simply typing in <my public IP address>:<port> (e.g. 134.111.23.443:20202).
I'm wondering if there is a way to make this more secure, such as tunneling over SSH, without requiring any other computers (I only have the Windows 10 Machine connected to the Internet by landline at home, and my MacBook, which I take with me).
Best Answer
Microsoft’s Remote Desktop uses encryption and communications are therefore reasonably protected. The weak point is that of brute-force attack against your user-name and password.
To secure RDP you may do the following:
Change the default port that Remote Desktop listens on
This one you already did.
Strong credentials
Use a non-default user-name and a long and complicated password.
Restricted user accounts
Limit severely the users that can use RDP by running secpol.msc > Local Policies > User Rights Assignment, double-click on "Allow log on through Remote Desktop Services" and remove all displayed groups, then add your one user.
High security level
Run gpedit.msc > Local Computer Policy > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Set an account lockout policy
To lock an account for a period of time after a number of incorrect guesses, go to Administrative Tools > Local Security Policy > Account Policies > Account Lockout Policies, and set values for all three options (3 invalid attempts with 3 minute lockout durations is reasonable).
Keep track of logging into your PC
Periodically go to Event Viewer > Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager > Operational, to see login information.
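The periodic log review in the last step can be scripted. The following is an added example, not part of the original answer: it reads the same TerminalServices-LocalSessionManager Operational log and summarises remote session logons per user and source address. The parameter names `Days` and `KnownAddresses` and their defaults are assumptions made for this example; save it as a `.ps1` file and run it from an elevated PowerShell prompt.

```powershell
# Added example: summarise RDP session logons from the Local Session Manager log.
param(
    [int]$Days = 7,                   # how far back to look (assumed default)
    [string[]]$KnownAddresses = @()   # source IPs you expect to connect from (hypothetical parameter)
)

$logName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
# Event 21 = session logon succeeded, event 25 = session reconnection succeeded
$filter = @{ LogName = $logName; Id = 21, 25; StartTime = (Get-Date).AddDays(-$Days) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$logons = @(foreach ($e in $events) {
    # User, SessionID and Address live under UserData/EventXML in the event XML
    $data = ([xml]$e.ToXml()).Event.UserData.EventXML
    # Console logons are recorded with the address 'LOCAL'; keep remote ones only
    if ($data.Address -and $data.Address -ne 'LOCAL') {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            User    = $data.User
            Address = $data.Address
            Known   = $KnownAddresses -contains $data.Address
        }
    }
})

if ($logons.Count -eq 0) {
    Write-Output "No remote RDP logons recorded in the last $Days day(s)."
    return
}

# One row per user and source address, unexpected addresses listed first
$logons | Group-Object User, Address | ForEach-Object {
    $times = @($_.Group.Time | Sort-Object)
    [pscustomobject]@{
        User      = $_.Group[0].User
        Address   = $_.Group[0].Address
        Sessions  = $_.Count
        FirstSeen = $times[0]
        LastSeen  = $times[-1]
        Known     = $_.Group[0].Known
    }
} | Sort-Object Known, LastSeen | Format-Table -AutoSize
```

This log records sessions that were established; failed password guesses are written to the Security log as event 4625 when logon-failure auditing is enabled.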