Remote Desktop

Using Remote Desktop securely

Precautions must be taken in using remote desktop capabilities. In addition to previously discovered vulnerabilities, Microsoft Remote Desktop is susceptible to attacks that can result in stolen passphrases, account lockouts, and online criminals taking control of victims’ computers.

To protect against these attacks, IU blocks the Remote Desktop port at the university border. If you wish to use Remote Desktop from outside the university network, you must connect to IU via virtual private network (VPN).

Working remote

How do I connect to IU via VPN?

Additional security recommendations

Disable Remote Desktop. Best practice is to disable unnecessary services on a machine. If Remote Desktop is not needed, disable it.
Limit access to TCP Port 3389 via a firewall. Only allow connections from trusted IP ranges. For example, limit TCP 3389 to only IU networks and require users to connect to the university VPN service before using RDP.
Enable network-level authentication on modern Windows systems. As RDP clients, you can enable network-level authentication and force a user to authenticate before being allowed to use RDP.

Remote Desktop

Using Remote Desktop securely

Working remote

Additional security recommendations

Information Security & Policy resources