Remote Desktop Protocol - often just called Remote Desktop or RDP - is the name of Microsoft's remote access capability. Using RDP, you can remotely connect to the desktop of a computer or server from anywhere in the world.
While this is a fantastic capability for users, it's also great for attackers. If an attacker can access RDP on one of your computers, all they need is a valid password to get in, just like they were sitting at the keyboard. If you review the article on Compromised Credentials, you will understand how easy it is for an attacker to enter your networks via RDP.
Attackers can launch brute-force attacks against RDP as well. These attacks use your RDP access to guess usernames and passwords at high speed, trying all known password variations in rapid succession. These attacks are often successful in gaining access; they are also often successful in using up system resources and crashing computers.
These common remote access protocols (RDP and RDWeb) pose a great risk to organizations of all sizes. Do not leave these capabilities active unless required, and never leave RDP or RDWeb exposed to the internet. If RDP or RDWeb are business-critical, using MFA isn't enough. They must be used with a VPN.
Despite the shortcomings related to RDP, it's still an extremely valuable service that many organizations rely on. Fortunately, there are ways to use RDP securely:
- Use a Virtual Private Network (VPN). If you have a corporate VPN - or if you can set one up using your existing network hardware - you can safely remove RDP from the internet and access it from behind your secure VPN. (Note: You should also have Two-Factor Authentication enabled on that VPN)
- Firewall or Filtered Access. If you only use remote desktop from a few locations, you can configure your firewall only to allow RDP access from those locations. This will require a static IP address at those remote locations, so it's not suitable for accessing from a coffee shop (for example), but it is definitely an option to access RDP from home or a branch office securely.
- Use Two-Factor Authentication. You can also install a two-factor authentication service on the computer running RDP. This will require a second form of authentication before allowing login to the computer. (See Two-Factor Authentication for more details). We always recommend using two-factor authentication wherever possible.
- Never leave RDP or RDWeb exposed to the internet. Because RDP and RDWeb are so high risk, if Coalition detects them exposed to the internet, insurance will be declined.
As with most things in cybersecurity, the objective is not to restrict what you can do. Rather, we want to ensure that you can continue to work productively while still protecting your data.
For more information on this topic, please reach out to us; we’re here to help!