Remote Desktop is a convenient way to retain access to your office computer while not in your office, but the default configuration also makes it accessible to the Internet and increases your risk of a system compromise.

To reduce the risk of compromise, the BU Information Security Incident Response Team (IRT) recommends you make the following changes to the configuration of Remote Desktop:

We discourage the use of gotmypc.com, mostly for privacy reasons. We discourage the use of other third-party software because of security vulnerability concerns.

Changing the Remote Desktop Port Number

The easiest way to change the port is to un-check “Remote Desktop” in the Windows Firewall Exceptions tab and use the Add Port option to open a lower-numbered port, giving it a new name like “BU remote desktop”. Then assign that port to the Remote Desktop service via the registry:

1. Start Registry Editor.
2. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
3. On the Edit menu, click Modify, and then click Decimal.
4. Type the new port number, and then click OK.
5. Quit Registry Editor.

Reference: http://support.microsoft.com/kb/306759/en-us?FR=1&PA=1&SD=HSCH
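
The firewall and registry steps above can also be scripted. The following is an added example, not a script from BU or from the Microsoft article; it assumes Windows 7 or later with English firewall rule-group names and an elevated PowerShell prompt, and it uses this page's example port (200) and rule name as defaults.

```powershell
# Added example: change the RDP listener port and move the firewall exception.
# Run from an elevated PowerShell prompt. Defaults are this page's example values.
param(
    [ValidateRange(1, 65535)]
    [int]$NewPort = 200,                      # example port from this page; choose your own
    [string]$RuleName = 'BU remote desktop'   # rule name suggested on this page
)

# Registry key for the RDP listener (note the space in "Terminal Server").
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Record the current port so the change can be rolled back if needed.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"

# Stop if another service is already listening on the new port.
$inUse = netstat -ano -p tcp | Select-String -Pattern ":$NewPort\s+\S+\s+LISTENING"
if ($inUse) { throw "TCP port $NewPort is already in use: $inUse" }

# Registry steps 2-4: write the new port number as a decimal DWORD.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord

# Open the new port under its own rule name, then disable the built-in
# "Remote Desktop" exception (assumption: English rule-group name).
netsh advfirewall firewall add rule name="$RuleName" dir=in action=allow protocol=TCP localport=$NewPort
netsh advfirewall firewall set rule group="remote desktop" new enable=No

# The listener picks up the new port only after the service restarts (or a reboot).
# This disconnects any active Remote Desktop session, so run it at the console.
Restart-Service -Name TermService -Force

# Confirm the value that was written.
$now = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
if ($now -ne $NewPort) { throw "PortNumber is $now, expected $NewPort" }
Write-Host "RDP now uses TCP $NewPort (was $oldPort). Connect with hostname:$NewPort"
```

Changing the port only moves the listener; the firewall rule created here still allows connections from any source address unless you restrict its scope.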

Active Directory Organizational Unit administrators can easily configure these settings for their users via Group Policy.

Using Remote Desktop to Connect to an Alternate Port Number

From the remote PC, clients will need to append “:port#” to the end of the hostname or IP address entered into the Computer field of the Remote Desktop Connection client. For example, to connect to a PC named myworkpc.bu.edu on a low-numbered port that is NOT on the allowed inbound port list, such as tcp 200, I would need to enter myworkpc.bu.edu:200 in the RDC client hostname field, as shown in the example below. This step is usually all the end user needs to learn.

[Screenshot: RDP client example]

Disabling Remote Desktop

Windows 7

Go to Control Panel, click System And Security, and then click System (or just System if using the classic view).

  1. On the System page, click Remote Settings in the left pane. This opens the System Properties dialog box to the Remote tab.
  2. To disable Remote Desktop, select Don’t Allow Connections To This Computer.
  3. Also uncheck the Allow Remote Assistance box, only if already checked.

[Screenshot: disabling Remote Desktop]

  4. Click Apply.

Windows XP

Click System in Control Panel.

  1. On the Remote tab, clear the Allow users to connect remotely to your computer check box, and then click OK.