Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ InTouch HMI

Secure your Remote Desktop Services (RDS) connections

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Secure your Remote Desktop Services (RDS) connections

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedMar 10, 2025
  • 2 minute read

Safeguard against attacks with the following security practices:

  1. Use strong passwords

    Use a strong password on all accounts with access to Remote Desktop.

  2. Update your software

    Make sure you are running the latest versions of both the client and server software by enabling and auditing automatic Microsoft Updates.

  3. Set an account lockout policy

    By setting your computer to lock an account for a period of time after a number of incorrect guesses, you will help prevent "brute-force" attack.

  4. Use Two-factor authentication

    RD Gateways support smartcard two-factor authentication.

  5. Change the listening port for Remote Desktop

    Prevents network attacks and worms that attempt to access the default Remote Desktop port (TCP 3389).

  6. Use RD Gateways

    RD Gateway restricts access to Remote Desktop ports while supporting remote connections through a single "Gateway" server. When using an RD Gateway server, all Remote Desktop services on your desktop and workstations are routed through the RD Gateway. The RD Gateway server listens for Remote Desktop requests over HTTPS (port 443), and connects the client to the Remote Desktop service on the target machine. Refer to the steps here: http://technet.microsoft.com/en-us/library/cc770601.aspx

  7. Configure Network Level Authentication for Remote Desktop Services Connections

    Network Level Authentication requires that the user be authenticated to the RD Session Host server before a session is created. Network Level Authentication increasing availability of the RD Session Host server (reduces the risk of denial-of-service attacks of the RD Session Host server). https://technet.microsoft.com/en-us/library/hh831778.aspx

  8. Configure Server Authentication and Encryption Levels

    By default, Terminal Services sessions use native Remote Desktop Protocol (RDP) encryption. However, RDP does not provide authentication to verify the identity of a terminal server. You can enhance the security of Terminal Services sessions by using Transport Layer Security (TLS) 1.0 for server authentication and to encrypt terminal server communications. The RDS and the client computer must be correctly configured for TLS to provide enhanced security. By default, RDS connections between the client and server are encrypted at the highest level of security available (128-bit), ensuring integrity and confidentiality of the data transmitted.

TitleResults for “How to create a CRG?”Also Available in