What is RDP, and why is it a security concern?

Learn more about RDP, its risks, and how to help your client properly secure their infrastructure.

RDP Overview

Remote Desktop Protocol (RDP) is a Windows service that allows users to connect to a Windows machine remotely. Put simply, RDP lets someone on remote computer A log in to Windows computer B as if they were physically sitting at that system. Historically, businesses have exposed RDP to the Internet as a common remote access method so that their users can reach company systems and data from outside the office. IT consultants have also historically relied on RDP to support their clients' systems remotely.

RDP Security Risks

Threat actors commonly target external-facing RDP as a primary method of gaining access to an organization's network. They do this with stolen credentials or by brute-forcing weak user passwords. Once an initial foothold is established over RDP, threat actors move through the environment, often undetected, and deploy malware. This frequently leads to ransomware infections.

Organizations that continue to use RDP expose themselves to an increased likelihood of attack as a large number of threat actors focus efforts on breaking in through that mechanism.
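The brute-force pattern described above leaves a clear trail in the Windows Security log: repeated failed logons (event 4625) with logon type 10 (RemoteInteractive, i.e. RDP) from the same source address. The following PowerShell is an added example, not code from the original page or from Corvus, that groups such failures by source IP and flags addresses exceeding a threshold within a short window. The event records at the bottom are constructed sample data so the script runs offline; the thresholds and the two IP addresses are assumptions, not values from the page.

```powershell
# Added example (not from the original page): flag source IPs with many failed
# RDP logons. Sample events below are constructed; on a live host replace them
# with Get-WinEvent output as shown in Get-LiveRdpFailures.

function Get-LiveRdpFailures {
    # Security event 4625 = failed logon. Logon type 10 = RemoteInteractive (RDP).
    # Fields are read from the event XML because the message text varies by locale.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -ErrorAction Stop |
        ForEach-Object {
            $xml = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = $d['TargetUserName']
                IpAddress = $d['IpAddress']
                LogonType = [int]$d['LogonType']
            }
        }
}

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $Threshold = 10,       # assumed threshold; tune to your environment
        [int] $WindowMinutes = 10
    )
    $Events |
        Where-Object { $_.LogonType -eq 10 -and $_.IpAddress -and $_.IpAddress -ne '-' } |
        Group-Object IpAddress |
        ForEach-Object {
            $sorted = $_.Group | Sort-Object Time
            $span = ($sorted[-1].Time - $sorted[0].Time).TotalMinutes
            if ($_.Count -ge $Threshold -and $span -le $WindowMinutes) {
                [pscustomobject]@{
                    IpAddress     = $_.Name
                    Failures      = $_.Count
                    DistinctUsers = ($_.Group.User | Sort-Object -Unique).Count
                    FirstSeen     = $sorted[0].Time
                    LastSeen      = $sorted[-1].Time
                }
            }
        }
}

# Constructed sample: 12 failures from one address in under 3 minutes across
# several usernames (password spraying), plus two unrelated failures from a
# second address that should not be flagged. Addresses are documentation ranges.
$base   = Get-Date '2024-01-01 03:00:00'
$users  = 'administrator', 'admin', 'backup', 'sqlsvc'
$sample = @()
for ($i = 0; $i -lt 12; $i++) {
    $sample += [pscustomobject]@{ Time = $base.AddSeconds(15 * $i); User = $users[$i % 4]; IpAddress = '203.0.113.45'; LogonType = 10 }
}
$sample += [pscustomobject]@{ Time = $base.AddMinutes(30); User = 'jsmith'; IpAddress = '198.51.100.7'; LogonType = 10 }
$sample += [pscustomobject]@{ Time = $base.AddMinutes(31); User = 'jsmith'; IpAddress = '198.51.100.7'; LogonType = 10 }

# Offline run against the constructed sample: only 203.0.113.45 is reported.
Find-RdpBruteForce -Events $sample | Format-Table -AutoSize

# Live use (elevated session, reads the Security log):
#   Find-RdpBruteForce -Events (Get-LiveRdpFailures)
```

A high DistinctUsers count for one address is the password-spraying signature; a high failure count against a single account suggests a dictionary attack on that user. Either way, the same address list is what feeds the IP allow list and the account lockout review discussed below.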

How to Secure RDP

Corvus recommends that organizations still using Internet-accessible RDP adopt alternative methods of remote access. In limited situations, organizations may be unable to migrate away from RDP to better solutions. In those situations, properly securing RDP is essential. We recommend the following steps to secure RDP:

  1. Require multi-factor authentication for all users.
  2. Only allow authentication for users who require remote access.
  3. Enable and enforce strong RDP configuration including:
    1. Complex passwords
    2. Account lockout policy
    3. Network Level Authentication (NLA)
    4. Restricted Admin Mode
  4. Only allow RDP connections from trusted sources:
    1. Implement an IP address allow list
    2. Leverage client side certificates for trusted devices
  5. Routinely update your Operating System and third party software and immediately patch critical vulnerabilities.
  6. Inform Corvus of the steps taken to secure RDP. We're also here to answer questions about how to resolve an issue.
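Several of the steps above (2, 3b, 3c, 3d and 4a) map directly to settings on the Windows host that can be audited and, where needed, applied from PowerShell. The script below is an added example written for this page, not code from Corvus or from Microsoft. It reads the relevant registry values, the local account lockout threshold, the Remote Desktop Users group and the scope of the built-in Remote Desktop firewall rules, reports each as compliant or not, and only changes settings when run with -Enforce. The $AllowedSources network is an assumed placeholder; MFA (step 1) and patching (step 5) are handled outside the host and are not covered here.

```powershell
# Added example (not the page's own code): audit, and optionally apply, the RDP
# hardening settings listed above on a single Windows host. Run from an elevated
# PowerShell session. Audit-only by default; pass -Enforce to change settings.
# $AllowedSources is an assumed placeholder: replace it with your management network.
param(
    [switch]   $Enforce,
    [string[]] $AllowedSources = @('192.0.2.0/24')   # placeholder (documentation range)
)

$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Test-RegValue {
    # Compare a DWORD registry value with the expected hardened value; set it when -Enforce.
    param([string] $Path, [string] $Name, [int] $Expected, [string] $Label)
    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    $ok = ($current -eq $Expected)
    if (-not $ok -and $Enforce) {
        Set-ItemProperty -Path $Path -Name $Name -Value $Expected -Type DWord
        $current = $Expected
        $ok = $true
    }
    [pscustomobject]@{ Check = $Label; Current = $current; Expected = $Expected; Compliant = $ok }
}

$results = @()

# 3c. Network Level Authentication: the client must authenticate before a session is created.
$results += Test-RegValue $rdpTcp 'UserAuthentication' 1 'NLA required'

# Use TLS for the RDP security layer (2) instead of legacy RDP security (0).
$results += Test-RegValue $rdpTcp 'SecurityLayer' 2 'TLS security layer'

# 3d. Restricted Admin Mode: DisableRestrictedAdmin = 0 enables it, so an admin's
# credentials are not sent to the remote host. An absent value means it is off.
$results += Test-RegValue $lsa 'DisableRestrictedAdmin' 0 'Restricted Admin mode enabled'

# 3b. Account lockout policy. On domain-joined hosts this normally comes from Group
# Policy; 'net accounts' shows the effective local values.
if ($Enforce) {
    net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30 | Out-Null
}
$threshold = (net accounts) | Where-Object { $_ -match 'Lockout threshold' }
$results += [pscustomobject]@{
    Check     = 'Account lockout threshold'
    Current   = ($threshold -replace '.*:\s*', '')
    Expected  = 'a finite count (not Never)'
    Compliant = ($threshold -notmatch 'Never')
}

# 2. Only users who need remote access: list the local Remote Desktop Users group for review.
# Membership is a judgement call, so Compliant is left blank rather than guessed.
$rdpUsers = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check     = 'Remote Desktop Users members'
    Current   = ($rdpUsers.Name -join ', ')
    Expected  = 'only named users who require remote access'
    Compliant = $null
}

# 4a. IP allow list: scope the built-in Remote Desktop firewall rules to trusted sources.
$rules   = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True
$scopes  = $rules | Get-NetFirewallAddressFilter
$anyOpen = $scopes | Where-Object { $_.RemoteAddress -contains 'Any' }
if ($anyOpen -and $Enforce) {
    $rules | Set-NetFirewallRule -RemoteAddress $AllowedSources
    $scopes  = $rules | Get-NetFirewallAddressFilter
    $anyOpen = $scopes | Where-Object { $_.RemoteAddress -contains 'Any' }
}
$results += [pscustomobject]@{
    Check     = 'RDP firewall remote address scope'
    Current   = (($scopes.RemoteAddress | Sort-Object -Unique) -join ', ')
    Expected  = ($AllowedSources -join ', ')
    Compliant = (-not $anyOpen)
}

$results | Format-Table -AutoSize
```

Run it once without -Enforce to see the gaps, review the Remote Desktop Users output by hand, and keep the firewall scope as a second layer behind any perimeter allow list; a host-level scope still protects the box if the perimeter rule is misconfigured. Where the host receives these settings from Group Policy, apply the same values there rather than on each machine.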

Alternatives to RDP

With threat actors placing an increased focus on Windows RDP as an initial attack method, many organizations are moving away from RDP and opting for more secure remote access solutions. Here are some alternatives to RDP you can consider. Remember to require MFA for any remote access method.

  1. Migrate to cloud based services
      • Microsoft Office 365
      • Google Workspace
  2. VPN solution
  3. Zero Trust Network Access (ZTNA)
      • Cisco
      • Illumio
      • Palo Alto
      • Perimeter81
      • ZScaler
  4. Where cloud based services or zero trust network access are not possible, consider remote access and remote control software such as:
      • LogMeIn
      • TeamViewer
      • AnyDesk