Learn more about RDP, it's risks, and how to help your client properly secure their infrastructure.
Corvus Cybersecurity Alerts will notify you when our scan has detected a new publicly accessible RDP service on one of your clients' systems.
Remote Desktop Protocol (RDP) service is a protocol that allows a user to control a Windows machine remotely. RDP is commonly used by bad actors to gain access to remote systems because it often lacks the security of company endpoints, or suffers from weak authentication and lack of two factor authentication. Without these protections, attackers can use brute force password guessing attacks or to obtain employee credentials via social engineering attacks like email Phishing in order to access your network.
Best Practices for Securing RDP
Properly securing the RDP ports is the ideal resolution. We recommend that your clients take the following steps to address their RDP vulnerability.
- Work with their IT team to investigate the vulnerability
- Assess the need to have RDP open on systems, and if it is required, be sure that the appropriate security measures are in place.
- Place any system with an open RDP port behind a firewall
- Enable strong passwords and multi-factor authentication (MFA)
- Let Corvus know that the vulnerability has been resolved or mitigated by emailing email@example.com. We're also here to answer questions about how to resolve an issue.