
What is RDP and why is it a security concern?

Remote Desktop Protocol (RDP) Overview

Remote Desktop Protocol (RDP) is a Windows service that allows users to remotely connect to a Windows machine. More simply, RDP allows someone on remote computer A to log in to Windows computer B as if they were physically sitting at the system. Historically, businesses have exposed RDP to the Internet as a common remote access method so that their users can reach company systems and data remotely. IT consultants have also historically used RDP to assist with their clients’ systems remotely.

RDP Security Risks

Threat actors commonly target external-facing RDP as a primary method of gaining access to an organization’s network. They do this with stolen credentials or by brute forcing weak user credentials. Once an initial foothold is established through RDP, threat actors will move undetected in your environment and deploy malware. This often leads to ransomware infections.

Organizations that continue to use RDP expose themselves to an increased likelihood of attack as a large number of threat actors focus efforts on breaking in through that mechanism.

How to Help Clients Secure Their RDP

Corvus recommends that organizations still using Internet-accessible RDP adopt alternative methods of remote access. In limited situations, organizations may be unable to migrate away from RDP to better solutions. In those situations, properly securing RDP is essential. We recommend the following steps to secure RDP:

  1. Require multi-factor authentication for all users.

  2. Only allow authentication for users who require remote access.

  3. Enable and enforce strong RDP configuration including:

    • Complex passwords

    • Account lockout policies

    • Network Level Authentication (NLA)

    • Restricted Admin Mode

  4. Only allow RDP connections from trusted sources:

    • Implement an IP address allow list
    • Leverage client-side certificates for trusted devices
  5. Routinely update your Operating System and third-party software and immediately patch critical vulnerabilities.

  6. Inform Corvus of the steps taken to secure RDP. We're also here to answer questions about how to resolve an issue.
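
A read-only check of the host-side settings from steps 2 through 4, as an added example that is not Corvus's own tooling. It assumes an elevated Windows PowerShell 5.1 (or later) session on an English-language Windows install, because the `Remote Desktop` firewall group, the `Remote Desktop Users` group and the `net accounts` text are matched by their English names. MFA, client certificates and settings enforced through Group Policy are not covered.

```powershell
# Added example: read-only audit of the host settings behind steps 2-4.
# Assumes an elevated session and English display/group names.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegValue($Path, $Name) {
    # Returns $null instead of throwing when the value is absent.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$report = [System.Collections.Generic.List[object]]::new()
function Add-Result($Check, $Pass, $Detail) {
    $report.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# Is RDP accepting connections at all? 0 = enabled, 1 = disabled.
# Pass = False means RDP is on and the checks below matter.
$deny = Get-RegValue $ts 'fDenyTSConnections'
Add-Result 'RDP disabled on this host' ($deny -eq 1) "fDenyTSConnections=$deny"

# Step 3: NLA requires authentication before a session is created.
$nla = Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication'
Add-Result 'Network Level Authentication' ($nla -eq 1) "UserAuthentication=$nla"

# Step 3: Restricted Admin mode is accepted only when this value is 0.
$ra = Get-RegValue $lsa 'DisableRestrictedAdmin'
Add-Result 'Restricted Admin Mode accepted' ($ra -eq 0) "DisableRestrictedAdmin=$ra"

# Step 3: a threshold of "Never" means failed logons never lock the account.
$lock = (net accounts | Where-Object { $_ -match 'Lockout threshold' }) -replace '.*:\s*'
Add-Result 'Account lockout policy' ($lock -match '^\d+$') "Lockout threshold=$lock"

# Step 4: enabled inbound Remote Desktop rules should not accept any source.
$open = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })
Add-Result 'Firewall allow list' ($open.Count -eq 0) "Rules open to Any: $($open.Count)"

# Step 2: list who can log on over RDP so the membership can be reviewed.
$members = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue
Add-Result 'Remote Desktop Users (review)' $null (($members.Name) -join ', ')

$report | Format-Table -AutoSize -Wrap
```

The group membership row has no pass/fail value on purpose: whether each listed account still requires remote access is a judgment for the reviewer.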

Alternatives to RDP

With threat actors placing an increased focus on Windows RDP as an initial attack method, many organizations are moving away from RDP and opting for more secure remote access solutions. Here are some alternatives to RDP you can consider. Remember to always use MFA for any remote access method.

  1. Migrate to cloud based services

    • Microsoft Office 365
    • Google Worksuite
  2. VPN solution

  3. Zero Trust Network Access (ZTNA)

    • Cisco
    • Illumio
    • Palo Alto
    • Perimeter81
    • ZScaler
  4. Where cloud-based services or zero trust network access are not possible, consider remote access and remote control software, such as:

    • LogMeIn
    • TeamViewer
    • AnyDesk
