Remote Desktop Protocol (RDP) is a Windows service that allows users to remotely connect to a Windows machine. More simply, RDP allows someone on remote computer A to login to Windows computer B as if they were physically sitting at the system. Historically, businesses expose RDP to the Internet as a common remote access method to enable their users to remotely access company systems and data. IT consultants also historically leveraged RDP to assist their clients’ systems remotely.Remote Desktop Protocol (RDP) Overview
RDP Security Risks
Threat actors commonly target external facing RDP as a primary method of gaining access to an organization’s network. This is done through the use of stolen credentials or brute forcing weak user credentials. Once an initial foothold is accomplished using RDP, threat actors will move undetected in your environment and deploy malware. This often leads to ransomware infections.
Organizations that continue to use RDP expose themselves to an increased likelihood of attack as a large number of threat actors focus efforts on breaking in through that mechanism.
How to Help Clients Secure Their RDP
Corvus recommends that organizations still using Internet accessible RDP to adopt alternative methods of remote access. In limited situations, organizations may be unable to migrate away from RDP to better solutions. In those situations, properly securing RDP is essential. We recommend the following steps to secure RDP:
Require multi-factor authentication for all users.
Only allow authentication for users who require remote access.
Enable and enforce strong RDP configuration including:
Complex passwords
Account lockouts policies
Network Level Authentication (NLA)
Restricted Admin Mode
Only allow RDP connections from trusted sources:
Implement an IP address allow list
Leverage client side certificates for trusted devices
Routinely update your Operating System and third-party software and immediately patch critical vulnerabilities.
Inform Corvus of the steps taken to secure RDP. We're also here to answer questions about how to resolve an issue.
Alternatives to RDP
With threat actors placing an increased focus on Windows RDP as an initial attack method, many organizations are moving away from RDP and opting for more secure remote access solutions. Here are some alternatives you can consider for RDP.Remember to always use MFA access for any remote access method.
Migrate to cloud based services
Microsoft Office 365
Google Worksuite
VPN solution
Zero Trust Network Access (ZTNA)
Cisco
Illumio
Palo Alto
Perimeter81
ZScaler
Where cloud-based services or zero trust network access are not possible, consider, Remote Access and Remote Control Computer Software, such as:
LogMeIn
TeamViewer
AnyDesk
