Networks Training

  • About
  • My Books
  • IP Tools
  • HOME
  • Cisco Networking
    • Cisco General
    • Cisco IOS
    • Cisco VPN
    • Cisco Wireless
  • Cisco ASA
    • Cisco ASA General
    • Cisco ASA Firewall Configuration
  • Certifications Training
    • CCNA Training
    • Cisco Certifications
    • I.T Training
  • General
    • Tech News
    • General Networking
    • IP Telephony
    • Network Security
    • Product Reviews
    • Software
  • Cisco Routers
  • Cisco Switches
You are here: Home / General Networking / What Port Does Remote Desktop Protocol (RDP) Use: Essential Information for Network Administrators

What Port Does Remote Desktop Protocol (RDP) Use: Essential Information for Network Administrators

Edited By Harris Andrea

Remote Desktop Protocol (RDP) is a key tool for many IT professionals and remote workers. It allows users to connect to other computers (mainly used on Windows OS computers) over a network connection.

RDP-image

Knowing which port RDP uses is important for setting up secure remote access and for allowing firewall access to servers remotely.

Table of Contents

Toggle
  • RDP typically uses TCP port 3389 by default.
  • UDP Port 3389 For Better Performance
  • Understanding Remote Desktop Protocol (RDP)
    • The Role of RDP in Remote Administration
    • How to Change the Standard RDP Port Number
    • Port Forwarding for RDP Access
  • Security Measures and Concerns for RDP
    • Protecting Against Unauthorized Access
    • Encryption and Secure Channels
    • Authentication and Access Control
    • Use of Remote Desktop Gateway (RD Gateway)
    • Related Posts

RDP typically uses TCP port 3389 by default.

This TCP port is set by Microsoft for RDP connections on Windows systems. When you enable Remote Desktop, the service starts listening on port 3389.

This port must be open in firewalls to allow RDP traffic. Some organizations change the default port for security reasons. When connecting to a computer with a non-standard RDP port, users need to specify the new port number on the RDP client.

IT admins should consider security best practices when using RDP for remote access because this protocol is prone to vulnerabilities and introduces high risk for unauthorized access.

UDP Port 3389 For Better Performance

Although the standard port for RDP is TCP 3389, you can have a mixed configuration whereby you can have both TCP and UDP 3389 for Remote Desktop Protocol. Actually, by default the RDP service listens to both UDP and TCP on Windows systems.

See the screenshots below for my own Windows system:

As you can see from above, port 3389 (RDP) listens on both TCP and UDP.

Having UDP is known for offering faster performance and connection speed especially for graphics and multimedia since UDP has lower overhead and is better for real-time data.

Therefore, when you are configuring your local windows firewall, or the external hardware network firewall, it is better to allow both UDP and TCP 3389 to pass.

MORE READING:  12 Types of Network Devices Found in Modern Enterprise Networks

Understanding Remote Desktop Protocol (RDP)

Remote Desktop Protocol (RDP) enables remote access and control of desktops, servers, and applications. It is mostly used on Windows machines.

The Role of RDP in Remote Administration

RDP is key for IT teams managing remote systems. It lets admins access Windows servers and workstations from anywhere. This saves time and travel costs.

RDP works on Windows 10, 11, and Server versions like 2016, 2019, and 2022 (and also on older OS versions as well). It sends screen images, mouse clicks, and keyboard input between devices.

The protocol encrypts data for security. This protects sensitive info during remote sessions. RDP clients are built into Windows. Third-party apps exist for other systems too.

IT pros use RDP to fix issues, update software, and manage settings on far-away machines. This keeps systems running smoothly without on-site visits.

How to Change the Standard RDP Port Number

The default RDP port is 3389 as we mentioned above.

For added security, you can change this port. To do so, modify the Windows Registry:

Search for “regedit” and click on Registry Editor.

Find the “PortNumber” value in:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

You need to right click on the above “PortNumber” field and select Modify. Change to Decimal and put a new port number and save.

Port Forwarding for RDP Access

Port forwarding lets you access RDP from outside your local network. Set up port forwarding on your router to direct incoming traffic to the right internal IP address.

Choose a different external port for added security. For example, use port 3390 externally to forward to 3389 internally. This helps hide your RDP port from potential attackers.

Remember to update your firewall rules when changing ports. Allow both TCP and UDP protocols for smoother RDP performance.

Security Measures and Concerns for RDP

Remote Desktop Protocol (RDP) offers convenience but brings security risks. To use RDP safely, it’s key to put strong protections in place and be aware of potential threats.

Protecting Against Unauthorized Access

RDP can be a target for hackers. They often try to guess passwords or use stolen ones. To stop this, use strong passwords with letters, numbers, and symbols. Set up account lockout rules to block users after too many wrong tries.

MORE READING:  Unveiling the Significance of Network Automation in Contemporary Networking

Don’t let RDP connect straight from the internet. Use a VPN or firewall to limit who can reach it. Change the default port 3389 to a random one to make it harder to find.

Keep systems up to date with the newest patches. Old software can have vulnerabilities that attackers use to get in.

If you must allow users to connect via RDP over the internet, then allow firewall access only from specific static IP addresses and do not allow the whole Internet (any source) to connect.

Encryption and Secure Channels

RDP sends data over networks. Without protection, someone could steal this info. Use built-in RDP encryption to scramble the data. For more safety, set up a VPN. This makes a secure tunnel for RDP traffic.

Check that RDP uses the latest security settings. Older versions might have weaker encryption. Make sure to pick the strongest options in your RDP setup.

Authentication and Access Control

Good authentication stops unwanted users from getting in. Turn on Network Level Authentication (NLA). This checks users before they fully connect.

Set up multi-factor authentication (MFA). This asks for more than just a password, like a code from your phone (called “One Time Password”). It makes it much harder for attackers to break in.

Limit who can use RDP. Only give access to those who really need it. Use group policies to control these permissions or give remote desktop access only to specific local users on the Windows machine. Regularly check and update who has access.

Use of Remote Desktop Gateway (RD Gateway)

This is a Role within Windows Server that enables authorized remote users to connect to resources on an internal corporate network from any internet-connected device.

It is a good security practice in Enterprise environments to use an RD Gateway since it uses tunneling of RDP over HTTPs, and its benefits include avoiding direct exposure of port 3389, centralized access control, use of encrypted SSL/TLS communication and much more.

How RD Gateway Works Briefly:

  1. A remote user initiates an RDP connection to the RD Gateway server.
  2. The connection is established using HTTPs (port 443).
  3. The user authenticates to the gateway.
  4. If authentication succeeds and connection policies allow, the gateway establishes an RDP connection to the requested internal resource.
  5. The gateway then tunnels RDP traffic between the client and the internal resource.
Spread the love

Related Posts

  • Difference Between Routers and Switches in TCP/IP Networks
  • 11 Different Types of IP Addresses Used in Computer Networks
  • Compare and Contrast Network Topologies (Star, Mesh, Bus, Hybrid etc)
  • 11 Networking Companies Like Cisco (Competitors)
  • What is a Wildcard Mask – All About Wildcard Masks Used in Networking

Filed Under: General Networking

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

By subscribing to our email list you will be receiving technical tutorials and industry news from time-to-time. You can unsubscribe at any time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search this site

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

Search

BLOGROLL

Tech21Century
Firewall.cx

Copyright © 2026 | Privacy Policy | Terms and Conditions | Contact | Amazon Disclaimer | Delivery Policy