• Skip to main content
  • Skip to primary navigation
  • Skip to primary sidebar
  • UC Berkeley
  • Berkeley Engineering
  • EECS
Header Search Widget
IRIS

Instructional & Research Information Systems

  • About Us
  • Get Started
  • Get Help
  • FAQ
    • FAQ: Accounts
    • FAQ: EECS Slack
    • FAQ: File Storage
    • FAQ: Hardware
    • FAQ: MacOS
    • FAQ: Mail
    • FAQ: Mailing Lists
    • FAQ: Network
    • FAQ: Security
    • FAQ: Unix
    • FAQ: Web
    • FAQ: Windows
  • Services
    • Accounts
    • Backups
    • E-mail
    • EECS Login Servers
    • File Storage
    • Infrastructure
    • Mailing Lists
    • Network
    • Printing
    • Room Reservations
    • Security
    • Software
    • Unix
    • Web
  • Policies
  • Forms
    • System Registration/Update
    • Account Request Form
    • Network Problem Report
    • Project Storage Request
    • SSL Certificate Request
    • All Other Forms
  • Rates

Using Remote Desktop from Off-Campus

February 12, 2018 by Lars Rohrbach

Both the campus firewall and our EECS firewall block commonly-vulnerable Microsoft ports from the outside world, but we are not blocking access to port 3389, Remote Desktop Protocol (RDP). This leaves RDP open to brute force attacks, and is responsible for many EECS Windows account lockouts. It is considered poor security practice to expose RDP to the internet.

Beginning February 20, we will be blocking RDP connections from off-campus at the EECS border; RDP connections to devices on the IRIS networks from campus networks, including the campus VPN, will not be blocked. So, if you wish to make a Remote Desktop connection to a machine on the IRIS networks, then you should first establish a campus VPN connection.

An exception to the RDP block will be the department Windows Terminal Server, winterm.eecs — Remote Desktop connections to winterm.eecs will not be blocked, so no VPN connection is necessary. Software on winterm.eecs will help mitigate brute force attacks.

To summarize, as of February 20:
* VPN users will still have the same access to their remote desktops.
* Access to winterm.eecs will not change.
* Users who use RDP to other devices on our network from off-campus will need to use VPN first.

See also:
* The campus VPN service

Filed Under: News

Primary Sidebar

IRIS Service Status

Green
We have 0 Active Incidents, and 0 Scheduled Maintenances noted.

IST Service Status

Outages to campus services are listed at berkeley.statusdashboard.com.
  • About
  • Contact
  • Privacy
  • Accessibility
  • Nondiscrimination

© 2022–2025 UC Regents  |  Log in