As discussed in our article on “What port does Remote Assistance and Remote Desktop use?”, both services make use of TCP port 3389. These two similar services enable access to remote computers for different purposes.
Remote Assistance is primarily used by support personnel to help users resolve a problem with their computer.
Remote Desktop, or RDP, enables users to access a physically distant machine and is often employed to allow employees to interact with their work computers from home. More detailed information on RDP can be found in our “Remote Desktop Protocol” article.
What is port 3389 used for?
Port 3389 is used to enable users to access remote computers. While in most cases this access is legitimate and approved by the owner of the physical machine, there are also port 3389 vulnerabilities that make it critical to limit access. Only authorized users should be able to send a request to port 3389, eliminating the possibility of an attack using the port as a gateway to enterprise computing resources.
What are the security risks of Port 3389?
The vulnerabilities of port 3389 illustrate the dangers and complications of ensuring secure remote access, as it can be the open window through which hackers compromise your systems.
There are several methods of addressing port 3389 vulnerabilities to protect a computing environment.
* One measure that can be taken is to lock down port 3389 by implementing secure tunneling.
* Firewalls can also be configured to only allow access to port 3389 from a designed list of safe IP addresses. Unfortunately, this method of defense can be thwarted by hackers who have hijacked a computer on the safe list and use it as their platform for initiating attacks.