Many practices that were once common have increasingly become dangerous security risks. When I was growing up, it wasn’t uncommon for front doors to be left unlocked and car keys to be left in cars. As we became more aware of the threats around us, my neighbors started paying attention to keeping their property secure. Just as things have changed in the suburbs, so too has security changed in business, specifically with regard to RDP.
Microsoft Remote Desktop Protocol (“RDP” or “remote desktop”, also known as terminal services) is a remote control protocol baked into every version of Windows since XP. Windows Servers have had this service available as far back as NT 4.0 (Terminal Server Edition).
Being easy to use and widely available, RDP has been the go-to choice for IT professionals to remotely administer servers – both their own and their clients’. Many end users have used RDP (and many unfortunately still do) as a means to use their office computers when home or traveling. Unfortunately, opening RDP to the public Internet doesn’t just make a hacker’s job easier, but essentially advertises an easy target.
With great ease of access come great security problems. Having RDP ports open to the public Internet has become akin to not only leaving your car unlocked but also leaving the keys in plain sight, where anybody who thinks to look will see them. Hackers regularly scan the Internet to see what might be responding. Older versions of RDP have been known to have critical vulnerabilities which can be exploited. For example, administrator accounts that are never locked out, no matter how many bad passwords are tried, make brute force attacks a very real threat.
Once a bad actor gains access to an administrative account, they can steal or destroy data, install malware or ransomware, or stay under the radar and use the resources either to host their own services or as an intermediary to commit other crimes.
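To make the brute-force risk described above visible on a server that still has RDP exposed, the following added example (not part of the original article) counts failed logons per source address and flags a successful logon that follows a burst of failures. Event IDs 4625 and 4624 and logon types 3 and 10 are standard Windows Security log values; the sample events, the threshold and the time window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, logon_type, account, source_ip).
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive
# (RDP); type 3 (Network) is how RDP failures appear when NLA is enabled.
SAMPLE_EVENTS = (
    [(f"2024-01-10T02:14:{s:02d}", 4625, 3, "Administrator", "203.0.113.50")
     for s in range(0, 60, 10)]
    + [("2024-01-10T02:15:30", 4624, 10, "Administrator", "203.0.113.50")]
    + [(f"2024-01-10T{h:02d}:00:00", 4625, 3, "jsmith", "192.0.2.99")
       for h in range(8, 13)]
    + [("2024-01-10T09:01:00", 4625, 10, "akim", "198.51.100.7"),
       ("2024-01-10T09:01:20", 4624, 10, "akim", "198.51.100.7")]
)

RDP_LOGON_TYPES = {3, 10}

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed logons inside one time window.

    Returns {ip: {"failures": int, "accounts": set, "success_after": bool}}.
    "success_after" means a logon succeeded after the burst: treat as compromise.
    """
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, logon_type, account, ip in events:
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures[ip].append((when, account))
        elif event_id == 4624:
            successes[ip].append(when)

    findings = {}
    for ip, items in failures.items():
        items.sort()
        times = [t for t, _ in items]
        start, burst_end = 0, None
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = times[end]
                break
        if burst_end is not None:
            findings[ip] = {
                "failures": len(items),
                "accounts": {a for _, a in items},
                "success_after": any(s > burst_end for s in successes[ip]),
            }
    return findings
```

A single mistyped password (198.51.100.7) and failures spread over hours (192.0.2.99) stay below the threshold; only the rapid burst from 203.0.113.50 is reported, with the later successful logon marked.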
Closing down the ports for RDP and reducing the attack surface is usually a relatively simple process. The difficulty is finding an alternative way to serve the business needs RDP had fulfilled. Many tools and protocols are available to businesses which provide secure, remote access to their systems and data, such as:
Not all of the above solutions are appropriate for every situation. Keep in mind:
Finding answers to these questions will help you (and your IT person) select the best solution for you.
If you might be using RDP in an insecure manner but don’t know what to do about it, contact AKUITY so we can quickly assess your situation.