Still using RDP? Well, stop!

As hackers evolve, so must your security.

Many practices that were once common have increasingly become dangerous security risks. Growing up, it wasn’t uncommon for front doors to be left unlocked and car keys left in cars. As we became more aware of the threats around us, my neighbors started paying attention to keeping their property secure. Just as things have changed in the suburbs, so too has security changed in business, specifically with regard to RDP.

Microsoft Remote Desktop Protocol terminal services (“RDP” or “remote desktop”) is a remote control protocol baked into every version of Windows since XP. Windows Servers have had this service available as far back as NT 4.0 (Terminal Server Edition).

Being easy to use and widely available, RDP has been the go-to choice for IT professionals to remotely administer servers, both their own and their clients’. Many end-users have used RDP (and many unfortunately still do) as a means to use their office computers when home or traveling. Unfortunately, opening RDP to the public Internet doesn’t just make a hacker’s job easier, but essentially advertises an easy target.

With great ease of access come great security problems. Having RDP ports open to the public Internet has become akin to not only leaving your car unlocked but also leaving the keys in plain sight, where anybody who thinks to look will see them. Hackers regularly scan the Internet to see what might be responding. Older versions of RDP have been known to have critical vulnerabilities which can be exploited. For example, administrator accounts that are never locked out, no matter how many bad passwords are tried, make brute force attacks a very real threat.

What’s the RDP Risk?

Once a bad actor gains access to an administrative account, they can steal or destroy data, install malware or ransomware, or stay under the radar and use the resources either to host their own services or as an intermediary to commit other crimes.

More commonly, we have seen users getting locked out of their own systems as a hacker attempts a brute force attack against their password. It’s typically unknown whether the hacker is guessing at or targeting a certain username, but even if breach attempts are unsuccessful, productivity is damaged when the user gets locked out repeatedly.

While we are shutting this service down (or otherwise securing clients from exposure), we regularly see new clients using RDP. A few years ago the risk was more theoretical and shutting the service down was merely a best practice, but in the last couple of years this type of exploitation has become far more common.

What Can We Do?

Closing down the ports for RDP and reducing the attack surface is usually a relatively simple process. The difficulty is finding an alternative way to serve the business needs RDP had fulfilled. Many tools and protocols are available to businesses which provide secure, remote access to their systems and data, such as:

  • Connecting to a VPN (Virtual Private Network) before using RDP,
  • Using Remote Desktop Gateway to force remote connections through a secure website,
  • Moving the application or data to a cloud service,
  • Signing up for a secure remote access tool such as LogMeIn.

Not all of the above solutions are appropriate for every situation. Keep in mind:

  • Who is using the remote access?
  • What data or application are they accessing?
  • When and from where are they accessing it?
  • What is the business case?

Finding answers to these questions will help you (and your IT person) select the best solution for you.
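
To see where a Windows host stands before choosing among these options, the following read-only PowerShell audit (an added example, not part of the original post) reports whether RDP is enabled, whether Network Level Authentication is required, which inbound firewall rules admit the RDP port and from where, and which sources produced failed logons in the last 24 hours. It assumes an elevated session on the host being checked, and it only matches firewall rules that list the port exactly or as Any (port ranges are not parsed).

```powershell
# Added example: read-only audit of RDP exposure on the local Windows host.
# Run from an elevated PowerShell session; nothing here changes configuration.
$ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp  = "$ts\WinStations\RDP-Tcp"
$port = (Get-ItemProperty -Path $tcp).PortNumber

[pscustomobject]@{
    RdpEnabled  = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
    ListenPort  = $port
    NlaRequired = (Get-ItemProperty -Path $tcp).UserAuthentication -eq 1
} | Format-List

# Enabled inbound allow rules covering the RDP port, with the sources they admit.
# A RemoteAddress of 'Any' means the host firewall does not restrict who may connect.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    if ($pf.Protocol -in 'TCP', 'Any' -and
        ($pf.LocalPort -contains "$port" -or $pf.LocalPort -contains 'Any')) {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
} | Format-Table -AutoSize

# Failed logons (event 4625) in the last 24 hours, grouped by source address.
# Type 10 is RemoteInteractive; with NLA, failed RDP attempts are logged as type 3
# (Network), which also includes other network logons such as file shares.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        if ($d.LogonType -in '3', '10') {
            [pscustomobject]@{ Source = $d.IpAddress; User = $d.TargetUserName }
        }
    } |
    Group-Object Source |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name,
        @{ n = 'DistinctUsers'; e = { @($_.Group.User | Sort-Object -Unique).Count } }
```

The host firewall view does not show whether a router or cloud security group forwards the port from the Internet, so check the perimeter device as well.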

If you might be using RDP in an insecure manner but don’t know what to do about it, contact AKUITY so we can quickly assess your situation.



Copyright © 2021 All Rights Reserved. AKUITY Technologies