RDP Security: How Secure is Remote Desktop?

Author: Robert Agar

The Remote Desktop protocol provides a popular method of accessing remotely located Windows computers from Windows or Linux systems. The number of RDP servers accessible through the Internet is over 4.5 million. There are countless more machines connected to corporate LANs and private networks. Many businesses rely on RDP servers to access remote machines.

Recently there have been vulnerabilities discovered in the protocol that may allow attackers to gain unauthorized access to desktops and workstations. The possibility of more bugs being uncovered is high, raising the question of how secure Remote Desktop sessions can be established.

Useful tip:  For secure remote desktop connections, consider a reliable remote support solution equipped with advanced encryption and strong authentication. HelpWire guarantees secure connections for both support staff and clients.

How to Secure RDP?

Is Remote Desktop secure? The protocol has had its share of vulnerabilities, but a handful of general security measures make a successful attack against your RDP servers considerably harder. Follow these steps to protect RDP and reduce the risk of attacks.

RDP Security for Personal Use

These actions make up the essential security baseline for anyone using a computer at home. They’re easy to set up, really important, and offer strong protection without needing complicated network equipment.

  1. Turn on Network Level Authentication (NLA) so anyone trying to access your RDP session has to verify themselves first.
    • Reduces the risk of brute-force attacks
    • Makes sure only verified users can try to connect
  2. Use Strong Passwords
    • Use at least 16 characters
    • Mix uppercase, lowercase, numbers, and symbols
    • Don’t reuse passwords across different accounts
  3. Update Systems Regularly and Disable RDP When Not Needed
    • Regularly install Microsoft patches to fix vulnerabilities
    • Turn off RDP on computers where it’s not needed

Note:  The safest RDP setup is one that’s completely turned off.

  4. Place RDP Behind a Firewall

Don’t leave RDP servers open to the internet. Keep them behind firewalls and only allow access from internal networks or through a VPN.

Note:  RDP ports that are exposed online are easy to find using Shodan, a tool hackers love to use.
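The script below is an added example, not code from the article or from HelpWire. It applies the personal-use steps above to a single Windows host: it requires NLA, either turns RDP off entirely or scopes the built-in "Remote Desktop" firewall rules to an internal subnet, and reads the result back together with the date of the last installed update. The registry paths and firewall rule group are the standard Windows ones; the 192.168.1.0/24 subnet is a constructed placeholder, and the function names are my own.

```powershell
# Added example, not code from the article or from HelpWire: applies the four
# personal-use steps to one Windows host. Run from an elevated PowerShell prompt.
# Registry paths and the 'Remote Desktop' firewall rule group are the standard
# Windows ones; the 192.168.1.0/24 subnet is a constructed placeholder.
#Requires -RunAsAdministrator

$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpTcp = "$TsKey\WinStations\RDP-Tcp"

function Disable-Rdp {
    # Step 3: the safest setup is RDP turned off. fDenyTSConnections = 1 rejects every
    # incoming Remote Desktop connection; disabling the rule group closes port 3389 too.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1 -Type DWord
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

function Enable-RdpHardened {
    param(
        # Step 4: only these addresses may reach the RDP listener through the host firewall.
        # Use your LAN or VPN client range; the default here is a placeholder.
        [string[]]$AllowedRemoteAddress = @('192.168.1.0/24')
    )
    # Step 1: require Network Level Authentication, so the CredSSP logon happens before
    # a session is created and unauthenticated clients never reach the logon screen.
    Set-ItemProperty -Path $RdpTcp -Name UserAuthentication -Value 1 -Type DWord
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 0 -Type DWord
    # Scope the built-in rules instead of adding new ones, so no rule is left open to 'Any'.
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowedRemoteAddress
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

function Get-RdpBaselineStatus {
    # Reads the settings back so the result can be reviewed or logged.
    $deny  = (Get-ItemProperty -Path $TsKey  -Name fDenyTSConnections).fDenyTSConnections
    $nla   = (Get-ItemProperty -Path $RdpTcp -Name UserAuthentication).UserAuthentication
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue)
    $scope = foreach ($r in $rules) { ($r | Get-NetFirewallAddressFilter).RemoteAddress }
    # Step 3 (patching): date of the most recently installed update, as a staleness check.
    $lastPatch = (Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending |
                  Select-Object -First 1).InstalledOn
    [pscustomobject]@{
        RdpEnabled          = ($deny -eq 0)
        NlaRequired         = ($nla -eq 1)
        EnabledRuleCount    = $rules.Count
        # 'Any' on an enabled rule means the listener accepts connections from every address.
        ExposedToAnyAddress = ($scope -contains 'Any')
        LastPatchInstalled  = $lastPatch
    }
}

# Typical use on a home PC that needs RDP from the LAN only; call Disable-Rdp instead
# on machines that do not need RDP at all.
Enable-RdpHardened -AllowedRemoteAddress '192.168.1.0/24'
Get-RdpBaselineStatus | Format-List
```

`ExposedToAnyAddress` is the field to watch: an enabled Remote Desktop rule whose remote address is `Any` is exactly the configuration that shows up in Internet-wide scans, and it is what the firewall step is meant to eliminate.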

RDP Security for Corporate Environments

These steps require a more advanced setup, like tweaking firewalls, VPNs, or system rules (MFA, GPOs, blocking). They give the biggest security boost but take more work to put in place.
  1. Base layer: follow all the personal-use steps above
  2. Only Give Users the Access They Need
    • Only give RDP access to users who actually need it
    • Take away access when someone’s role changes
    • Don’t let local admin accounts use RDP
  3. Use VPN or RDP Gateways
    • VPN: encrypts your traffic and creates a secure tunnel
    • RD Gateway: handles all connections in one spot, supports MFA, and lets you track activity
    • If you can, make everyone connect through an RD Gateway with MFA integration
  4. Limit Login Attempts

Set up Account Lockout Policies:

  • Lock accounts after a few failed login attempts
  • Helps stop brute-force attacks fast

Note:  Be careful. Attackers might try to lock accounts on purpose to interrupt business operations. Keep an eye out for unusual spikes in account lockouts.

  5. Require Multi-Factor Authentication (MFA)

Set up MFA to protect your accounts from stolen or guessed passwords. Options include:

  • Push notifications (e.g., Microsoft Authenticator or Duo)
  • SMS or email codes
  • Biometric authentication

  6. Strengthen RDP security settings

Use Group Policy Management to set up:

  • Encryption level: set to High for stronger protection
  • Require secure RPC communication: turn this on
  • Security layer: use SSL
  • Require NLA for remote connections: make sure this is enabled
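The audit script below is an added example, not part of the article or of HelpWire's products. It covers the corporate steps above on one host: it reads back the registry values that the four Group Policy settings in step 6 write, lists who is in the Remote Desktop Users group (step 2), sets a local account lockout policy (step 4), and counts Security event 4740 lockouts in a sliding window so that the lockout spikes the step 4 note warns about can be spotted. The registry value names and the event ID are standard Windows ones; the thresholds and the function names are my own.

```powershell
# Added example, not code from the article or from HelpWire: audits one host against
# the corporate steps (least-privilege RDP group, account lockout, the four Group Policy
# settings) and looks for the lockout spikes the note in step 4 warns about. Run elevated.
# Value names are those the listed Group Policy settings write to the registry; the
# thresholds are constructed placeholders to tune for your environment.
#Requires -RunAsAdministrator

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$LocalKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpPolicyCompliance {
    # Step 6: expected values. A value under the Policies key overrides the per-listener
    # value, so it is read first and the listener value is used only as a fallback.
    $expected = @(
        @{ Name = 'MinEncryptionLevel'; Expected = 3; Meaning = 'Encryption level: High' }
        @{ Name = 'fEncryptRPCTraffic'; Expected = 1; Meaning = 'Require secure RPC communication' }
        @{ Name = 'SecurityLayer';      Expected = 2; Meaning = 'Security layer: SSL' }
        @{ Name = 'UserAuthentication'; Expected = 1; Meaning = 'Require NLA for remote connections' }
    )
    foreach ($s in $expected) {
        $actual = (Get-ItemProperty -Path $PolicyKey -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        $source = 'GroupPolicy'
        if ($null -eq $actual) {
            $actual = (Get-ItemProperty -Path $LocalKey -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
            $source = 'Local'
        }
        [pscustomobject]@{
            Setting   = $s.Meaning
            Expected  = $s.Expected
            Actual    = $actual
            Source    = $source
            Compliant = ($actual -eq $s.Expected)
        }
    }
}

function Get-RdpGroupMembers {
    # Step 2: who can log on over RDP on this host. Local Administrators can connect without
    # being listed here, which is why the article says not to use admin accounts for RDP.
    # Remove stale entries with Remove-LocalGroupMember.
    Get-LocalGroupMember -Group 'Remote Desktop Users' | Select-Object Name, ObjectClass, PrincipalSource
}

function Set-LocalLockoutPolicy {
    param([int]$Threshold = 5, [int]$DurationMinutes = 15, [int]$WindowMinutes = 15)
    # Step 4 on a standalone host. Domain accounts take their lockout policy from Group Policy
    # (Account Policies > Account Lockout Policy) instead.
    net accounts /lockoutthreshold:$Threshold /lockoutduration:$DurationMinutes /lockoutwindow:$WindowMinutes | Out-Null
}

function Get-LockoutSpikes {
    param([int]$Hours = 1, [int]$AlertThreshold = 5)
    # Event 4740 ("A user account was locked out") is logged on the domain controller for
    # domain accounts and on the local machine for local accounts. Many lockouts in a short
    # window is the pattern the step 4 note describes: a brute-force run or a deliberate
    # attempt to lock staff out. Run this on the DC for domain-wide coverage.
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $rows = @(foreach ($e in $events) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # In 4740, TargetUserName is the locked account and TargetDomainName carries the
        # name of the computer the failed logons came from.
        [pscustomobject]@{ Time = $e.TimeCreated; Account = $data['TargetUserName']; CallerComputer = $data['TargetDomainName'] }
    })
    [pscustomobject]@{
        WindowHours      = $Hours
        Lockouts         = $rows.Count
        DistinctAccounts = @($rows | Select-Object -ExpandProperty Account -Unique).Count
        TopCallers       = ($rows | Group-Object CallerComputer | Sort-Object Count -Descending |
                            Select-Object -First 3 | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
        Alert            = ($rows.Count -ge $AlertThreshold)
    }
}

Get-RdpPolicyCompliance | Format-Table -AutoSize
Get-RdpGroupMembers
Get-LockoutSpikes -Hours 1 -AlertThreshold 5 | Format-List
```

The `TopCallers` field is the useful triage detail: a burst of lockouts that all trace back to one caller computer points at a single source (a brute-force tool, or a misconfigured service retrying a stale password), whereas lockouts spread across many callers and many accounts look more like the deliberate disruption the note describes.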

Recent Remote Desktop Vulnerabilities

Is RDP safe to use in your environment? Let’s take a look at critical Remote Desktop security risks that were recently discovered and how they impact the protocol in general.

DejaBlue

DejaBlue (CVE-2019-1181 and CVE-2019-1182) is a remote code execution (RCE) vulnerability found in Microsoft’s RDP server in 2019. Until it was patched, the flaw affected all versions of Windows from 7 through 10. It stems from an integer overflow in one of the RDP server’s core dynamic link libraries, RDPCoreTS.dll or RDPBase.dll depending on the version of Windows.

The specific issue is in the function used to decompress data transmitted over a Dynamic Virtual Channel (DVC). Compressed data sent over a DVC arrives in a PDU of type RDP_SEGMENTED_DATA, which can contain multiple segments, and part of that structure specifies the uncompressed size of the data.

When the RDP server receives a compressed DVC PDU it decompresses it with the DecompressUnchopper::Decompress() function. The function allocates a buffer for the decompressed data with a size of uncompressedSize + 0x2000 and performs no check on the result of that addition. An attacker who controls uncompressedSize can therefore make the allocation smaller than the space the decompressed data actually needs. The result is a heap overflow that can be used to run malware inside an organization’s infrastructure.

BlueKeep

BlueKeep (CVE-2019-0708) is an RCE vulnerability in the RDP server that affected systems running Windows 2000 through Windows 7 and Windows Server 2008 R2. Microsoft addressed it in a patch released in May 2019. The vulnerability was in termdd.sys, the Windows kernel driver responsible for handling RDP connections.

BlueKeep is a use-after-free vulnerability that can be triggered while a connection is being initialized. During initialization, client and server negotiate which static virtual channels will be set up for the connection, but certain channels are allocated regardless of what the client requests.

The MS_T120 channel is one of those always-allocated channels and is referenced from a channel table created by termdd.sys. This static virtual channel is created at index 0x1F by default, before the connection sequence begins, and it is this channel that attackers abuse for malicious purposes.

Understanding the Core: How RDP Security Works

To see how these steps help, let’s take a look at how RDP keeps things secure at the protocol level.

Standard Security

RDP’s Standard Security uses RSA’s RC4 stream cipher to protect data in transit. Random values are exchanged between client and server during the Basic Settings Exchange phase of connection initialization, and the Remote Desktop encryption built on them protects the transmitted data from unauthorized use.

Enhanced Security

With RDP’s Enhanced Security, all security functions such as encryption, decryption, and integrity checks can be handed off to an external security protocol, such as TLS (the "SSL" security layer setting above) or CredSSP (used by NLA, described below).

Enhanced Security can be implemented using either a direct or a negotiation-based approach.

The direct approach favors security over compatibility: the client must complete the external security protocol handshake before it transmits anything related to RDP.

In the negotiation-based approach, connection initialization happens outside the external security protocol. Client and server agree on a security protocol during initialization, and once the external protocol handshake completes, that protocol encapsulates all remaining stages of the Remote Desktop connection.

The most valuable characteristic of RDP Enhanced Security is that it allows Network Level Authentication (NLA) to secure Remote Desktop access.

Network Level Authentication

Network Level Authentication (NLA) uses CredSSP to authenticate users before the RDP session is established. This ensures that only authenticated users can consume the RDP server’s resources, and NLA can be used to limit user access and so reduce RDP security issues.

Ready-Made Solution: HelpWire

Above, we went over how to secure RDP manually, which takes careful setup and ongoing monitoring of lots of policies and network components (like firewalls, VPNs, GPOs, and MFA).

If you want a ready-to-go, reliable, and user-friendly secure remote access solution that already follows best security practices without complicated setup, using specialized tools is a solid choice.

HelpWire was built with top-notch security standards, letting users keep their connection safe.

  • Enhanced Encryption: TLS/SSL and AES-256 encryption for secure remote connections.
  • Safe Hosting: AWS servers for robust cloud hosting.
  • Verified Applications: Digital certification by GlobalSign for application security.
  • Controlled Access: Client consent required for remote access, with options for immediate revocation through shortcuts or the HelpWire Client app.