Would you like to see the site in a different language?

English
English Español Italiano Português do Brasil Português Français Русский 日本語 Polski 简体中文 繁體中文 Türkçe 한국어 Čeština العربية Bahasa Indonesia Tiếng Việt Nederlands ไทย Magyar Slovenčina Svenska Ελληνικά Română فارسی Dansk Български Suomi Hrvatski Norsk bokmål Bahasa Melayu हिन्दी Tagalog English (UK)
Change language
Table of Contents

Introduction

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, enabling users to connect to another computer over a network connection. At the core of this technology are RDP ports, which act as gateways for remote connections. This article provides an in-depth look at RDP ports, their importance, common uses, security concerns and best practice for securing them.

What is an RDP Port?

An RDP port is a network port that facilitates communication between a remote client and a server using the Remote Desktop Protocol. By default, RDP uses TCP port 3389. This section will cover basics:

  • What is the Default RDP and Its Role
  • How RDP uses Port 3389
  • The Communication Process
  • Other Ports for RDP
  • Use of Different Port Ranges
  • TSplus-Specific Port Considerations

What is the Default Port and Its Role?

A default port simply makes communication possible between devices. Many ports have been assigned a particular function and are therefore standard for one use only. This is the case for port 3389, which is reserved for RDP. Beyond the standard ports, other ports are accepted as usual alternatives. The official list is kept up to date by the Internet Assigned Numbers Authority (IANA).

Default RDP port 3389 is used by the Remote Desktop Protocol to establish a connection between the client and the server. When a user initiates an RDP session, the client software sends a request through port 3389 to the server, which listens on the same port for incoming RDP traffic.

The significance of this port lies in its standardized use, which ensures compatibility and ease of setup. However, the fact that it is so common also makes it a favored target for malicious activities.

The significance of this port lies in its standardised use, which ensures compatibility and ease of setup. However, its commonality also makes it a target for malicious activities.

How Does RDP Use Port 3389?

By default, RDP uses TCP port 3389. When a user starts a remote session, the client sends a connection request to this port on the remote machine. If accepted, the session is initiated and encrypted communications begin.

Because of its standardized use, port 3389 is easy to configure and universally recognised, but this also makes it a frequent target for automated hacking attempts and malware scanning tools.

Communication Process

The communication process involves several steps:

Client Request

The client sends an initial connection request to the server's IP address and port 3389. This request includes the necessary authentication credentials and session parameters.

Server Response

The server responds with a series of handshake messages to establish a secure communication channel. This includes the exchange of encryption keys and session settings.

Session Initialization

Once the handshake is complete, the server initializes the session, allowing the client to interact with the remote desktop. This interaction is facilitated through a series of data packets that transmit keyboard inputs, mouse movements and screen updates.

Are there other ports for RDP?

While 3389 is the default, other ports can be used in RDP workflows either by configuration or by underlying services that support or extend RDP functionality. Changing the default port is one way to enhance security and reduce the risks related to automated attacks targeting port 3389.

Here are the other RDP ports:

Port Protocol Purpose
3389 TCP/UDP Default RDP Port
443 TCP Used when RDP is tunneled through HTTPS
80 TCP Used for HTTP redirection in RDP Gateway
135 TCP Used for RPC-based functions in RDP
Dynamic RPC (49152–65535) TCP Required for DCOM and RDP Gateway communication
1433 TCP Used when RDP accesses SQL Server remotely
4022 TCP Alternative SQL Server port in secure setups

These ports often appear when using Remote Desktop Gateway, virtual desktop infrastructure (VDI) or hybrid deployments. For instance, Microsoft's RDP Gateway relies on ports 443 and 80, while advanced setups may call dynamic ports for Remote Procedure Calls (RPC).

As documented by Microsoft Learn, administrators should configure firewalls and routers carefully to allow legitimate RDP traffic while blocking unwanted access.

What Port Ranges Can Be Used for RDP?

Understanding Port Ranges

RDP communication relies on TCP (and optionally UDP) ports to transmit data between a remote desktop client and host. While port 3389 is the default, Windows systems can be configured to use a different port for security or network routing purposes. When changing the RDP port, it is important to choose one that is valid, available, and not used by other critical services.

Range Port Numbers Description
Well-known ports 0–1023 Reserved for system services (e.g., HTTP, SSH)
Registered ports 1024–49151 User-registered services (safe for RDP alternatives)
Dynamic/Private ports 49152–65535 Temporary/ephemeral ports, also safe for custom use

Avoid well-known ports like 80, 443, 21, 22 and others to prevent service conflicts.

Examples of Safer Custom Ports for RDP

  • 3390, 3391, 3395: close to the default but less scanned
  • 5000, 5678, 6001: easy to remember, often unused
  • 49152, 55000, 59999: in the dynamic/private range, ideal for reducing visibility to automated scans

Note: Changing the port does not prevent attacks but may reduce noise from bots that scan only port 3389.

How to Choose an Alternative Port

  1. Check if the port is not already in use on your system.
  2. Ensure that firewall rules allow inbound traffic on the new port.
  3. Consider a port above 1024 to avoid requiring elevated permissions for services.
  4. Document the change clearly so that users and IT admins know how to connect.

What are the Considerations Specific to TSplus?

TSplus Remote Access uses RDP at its core but abstracts and improves it through a web-enabled, user-friendly layer. This changes how and when traditional RDP ports like 3389 are relevant.

Functionality Default Port Notes
Classic RDP access 3389 Can be changed via Windows settings or disabled entirely
Web interface (HTTP) 80 Used for the TSplus web portal
Web interface (HTTP) 443 Recommended for secure browser-based RDP
HTML5 client 443 (or custom HTTPS) No native RDP client needed; fully browser-based
TSplus Admin Tool N/A Port management and firewall rules can be configured here

Customization and Flexibility

TSplus allows administrators to:

  • use RDP more securely thanks to the TSplus Client Generator ;
  • change the web server port (e.g., to avoid conflicts with IIS or Apache);
  • assign alternate RDP ports per user or server instance;
  • disable 3389 entirely and rely solely on web-based access;
  • implement SSL encryption, 2FA and IP filtering at the web server level.

This flexibility means 3389 is not required for TSplus to function in many use cases, especially when HTML5 or remote app access is preferred.

Security Implication

Because TSplus can route RDP through HTTPS, it is possible to completely isolate internal port 3389 from public exposure, while still offering full RDP functionality over port 443. This is a significant security upgrade over traditional open-RDP setups.

Use TSplus' built-in security features to lock down access at the web layer, further reducing the attack surface.

Why RDP Ports Matter?

RDP ports are essential for enabling remote desktop functionality. They therefore allow seamless communication between remote clients and servers, facilitating various remote access and management tasks. This section explores the significance of RDP ports in different contexts.

  • Remote Work Access
  • Technical Support
  • Server Management
  • Virtual Desktops

Remote Work Access

RDP ports are critical for remote work, allowing employees to access their office computers from home or other remote locations. This capability ensures continuity of work and productivity, regardless of physical location.

Remote desktop connections enable access to corporate resources, applications and files as if the user were physically present in the office. This is particularly useful for organisations with distributed teams or those implementing flexible work policies.

Technical Support

IT support teams rely on RDP ports to troubleshoot and resolve issues on remote systems. By accessing the remote desktop, support personnel can perform diagnostics, apply fixes and manage configurations without needing to be on-site.

This remote capability reduces downtime and enhances the efficiency of support operations. It allows for quick resolution of issues, minimizing the impact on end-users and maintaining business continuity.

Server Management

Administrators use RDP ports to manage servers remotely. This vital functionality helps in maintaining server health, performing updates and managing applications, especially in large-scale data centres and cloud environments.

Remote server management through RDP enables administrators to perform tasks such as software installation, configuration changes and system monitoring from any location. This is crucial to maintain the uptime and performance of critical infrastructure.

Virtual Desktops

RDP ports also support virtual desktop infrastructure (VDI), providing users with access to a virtualised desktop environment. This setup is increasingly popular in organisations seeking to centralise desktop management and improve security.

VDI is a cloud computing technology which lets you run full desktop environments inside virtual machines (VMs) hosted on powerful servers in a data centre. With VDI, full desktop environments run on centralised servers. RDP ports (especially 3389, 443 and dynamic RPC ranges) allow end-users to connect to these virtual machines (VMs) over the internet.

Security Concerns with RDP Ports

While RDP ports are essential for remote access , we have seen they can also be vulnerable to cyberattacks if not properly secured. This section discusses common security threats associated with RDP ports and provides detailed explanations of each.

  • Brute Force Attacks
  • RDP Hijacking
  • Exploitation of Vulnerabilities
  • Man-in-the-Middle Attacks

Brute Force Attacks

Brute force attacks involve hackers systematically trying different username and password combinations to gain access to an RDP session. These attacks can be automated using scripts that continuously attempt to log in until successful.

Mitigation: implement account lockout policies, use complex passwords and monitor failed login attempts.

RDP Hijacking

RDP hijacking occurs when an unauthorized user takes control of an active RDP session. This can happen if an attacker gains access to session credentials or exploits a vulnerability in the RDP protocol.

Mitigation: Use multi-factor authentication mechanisms and regularly monitor session activities. Ensure that only authorised personnel have access to RDP credentials. Using session timeouts can help.

Exploitation of Vulnerabilities

Unpatched systems with known vulnerabilities in RDP can be exploited by attackers. For example, vulnerabilities like BlueKeep (CVE-2019-0708) have been widely reported and exploited in the wild, emphasizing the need for regular updates and patches.

BlueKeep CVE-2019-0708 is a security vulnerability discovered in Microsoft's Remote Desktop Protocol (RDP) implementation, which allows for the possibility of remote code execution.

Mitigation: stay updated on the latest security advisories, apply patches promptly and implement a robust patch management process. Disabling unused RDP services can be useful.

Man-in-the-Middle Attacks

A man-in-the-middle attack is a type of cyber-attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. This can lead to sensitive data being captured or altered without the knowledge of either party.

Using strong encryption protocols and ensuring that RDP sessions are conducted over secure channels, such as VPNs, can mitigate the risk of man-in-the-middle attacks. Regularly updating encryption standards and protocols is also essential.

Mitigation: Use strong encryption protocols and ensure that RDP sessions are conducted over secure channels, such as VPNs and TLS. Regularly update encryption standards and protocols. Avoid public Wi-Fi for RDP sessions.

How to Secure RDP Ports?

To mitigate security risks, it is essential to implement best practices for securing RDP ports This section provides a comprehensive guide on how to harden the security of RDP connections.

  • Change the Default RDP Port
  • Enable Network Level Authentication (NLA)
  • Use Strong Passwords
  • Implement Two-Factor Authentication (2FA)
  • Restrict RDP Access
  • Regularly Update and Patch Systems
  • Monitor RDP Logs

Change the Default RDP Port

Changing the default RDP port makes automated attacks more difficult.

Steps to change the default RDP port:

  1. Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber .
  2. Use a non-standard port (e.g., 4489) to the desired value and ensure it does not conflict with other services.
  3. Update firewall rules to allow traffic through the new port and ensure network configuration is aligned with the new RDP settings.
  4. Notify users of the new port configuration.

Enable Network Level Authentication (NLA)

NLA requires users to authenticate before a full RDP session is created, preventing unauthorized access and reducing the denial-of-service attacks.

To enable NLA:

  1. Open System Properties → Remote
  2. Check the "Allow connections only from computers with NLA" box
  3. Apply the settings and ensure that all clients support NLA.

Use Strong Passwords

Ensure that all accounts with RDP access have complex, unique passwords. Strong passwords typically include a mix of uppercase and lowercase letters, numbers and special characters.

A best practice password policy will require regular changes and prohibit the reuse of old passwords, thus enhancing security. Using password managers can also help users manage complex passwords effectively.

Implement Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a code sent to a mobile device, in addition to the password. This significantly reduces the risk of unauthorised access even if the password is compromised.

To implement 2FA:

  1. Choose a 2FA solution compatible with RDP.
  2. Configure the RDP server to integrate with the 2FA solution
  3. Ensure that all users are enrolled and understand the 2FA process

Restrict RDP Access

Limit RDP access to specific IP addresses or use Virtual Private Networks (VPNs) to restrict remote connections. This can be achieved by configuring firewall rules to allow RDP traffic only from trusted IP addresses.

To restrict RDP access:

  1. Define a list of authorised IP addresses.
  2. Configure firewall rules to block all other IP addresses.
  3. Use VPNs to provide a secure connection for remote users.

Regularly Update and Patch Systems

Keeping systems updated with the latest security patches is crucial for protecting against known vulnerabilities. Regularly check for updates from Microsoft and apply them promptly.

To ensure regular updates:

  1. Implement a patch management system.
  2. Schedule regular maintenance windows for applying updates.
  3. Test updates in a staging environment before deploying them to production.

Monitor RDP Logs

Regularly review RDP logs for any suspicious activity or unauthorized access attempts. Monitoring tools can help detect and alert administrators to potential security breaches.

To monitor RDP logs:

  1. Enable auditing for RDP connections.
  2. Use centralized logging solutions to collect and analyze logs.
  3. Set up alerts for unusual activities or failed login attempts.

TSplus Remote Access Solution

TSplus Remote Access enhances RDP security and usability by offering advanced features like two-factor authentication, port forwarding and SSL encryption. It simplifies remote access with a user-friendly interface, centralised management and robust security measures, making it an ideal solution for secure, efficient and scalable remote desktop connections.

It is worth noting the other products in the TSplus range all participate in ensuring stronger, safer RDP connections, while additionally, TSplus Remote Access also offers other connection modes as alternatives to RDP.

Conclusion

RDP ports are a vital component of remote desktop services, enabling seamless remote access and management. However, they also present significant security risks if not properly secured. By understanding the role of RDP ports and implementing best practices to protect them, organizations can safely leverage remote desktop capabilities without compromising security.

TSplus Remote Access Free Trial

Ultimate Citrix/RDS alternative for desktop/app access. Secure, cost-effective, on-premises/cloud

Start a Free Trial

Share:

Facebook Twitter LinkedIn

Your TSplus Team

Further reading

back to top of the page icon