Hello and welcome, my fellow tele-toilers and anyone just scrolling by!
Today’s HelpWire blog is about the most important aspect of any Windows Remote Desktop Connection session: RDP’s vulnerability to malware and direct hacker attacks. I’m going to arm you with all the tools and techniques you need to prevent ill-intended cyber actors from using your resources for bitcoin mining or encrypting the data on your computers with some tricky ransomware.
So buckle up, and off we go!
What is Remote Desktop Protocol?
In a nutshell, Microsoft Remote Desktop Protocol (RDP) is a separate data transfer channel that allows you to connect two (or multiple) desktops. During an RDP session, data is transferred between computers via several protocols, including TCP, so a user operating one machine gets to control other computers over the network as if they were sitting in front of them directly. RDP has recently become increasingly common and is often deployed company-wide for remote technical support and teleworking.
Microsoft’s original RDP client, called ‘Terminal Services’, was a Windows-only solution. Now there are dozens of third-party apps for all popular operating systems, including Linux, macOS, and Android, that connect machines via both the TCP and UDP protocols. Some of them offer nice bonuses like a private VPN, two-step authentication, and an extra encryption layer to drastically reduce RDP’s vulnerability. But that’s a whole other talk for another blog. For now, let’s have a good and proper look at said vulnerabilities, since I’ve mentioned them already.
Why is Remote Desktop Protocol not safe?
When Microsoft developers came up with the Remote Desktop Protocol concept, they thought they had ‘abstracted away the complexities of dealing with the protocol stack.’ The harsh truth is that what they really created is a wide-open door for all the malicious cyber actors on the web. The situation is fine for Linux users, but if you have Windows, chances are an attacker has an eye on you already. In the best case, your machine’s resources may be used for mining. In the worst case, you’ll have some sort of ransomware planted, with an extremely poor chance of getting rid of it.
The main reason is that several ports must be open for Remote Desktop Protocol connections to succeed. And in many organizations, administrators can’t be bothered to change the default port settings and keep using the standard ports, which are the primary target for any potential attacker.
And now we finally get to the nub of the matter: the measures you’d better take to make sure your RDP app (standard or third-party, all the same) won’t place your system in jeopardy.
How to de-risk Remote Desktop Protocol?
Well, I guess we all can agree now that careless RDP use creates too much risk. It’s time to learn new, safer ways. For your convenience, I’ve come up with a handy checklist you can use any time you want to make sure that Remote Desktop Protocol implementation in your company is as safe as it can be. Here it is:
- Cut all excesses. Organizations that don’t use Remote Desktop Protocol are strongly advised to disable remote connections on all their desktops, just in case. In all other cases, make sure to enable remote access only for those staff members who will be using it and block it for the rest of the team. And don’t forget to strictly limit external connections.
- No standard ports. The first thing you need to change (or have one of your system administrators do that for you) after RDP tool installation is port settings. The standard ports are 3389 and 443, so that’s where all malware and hackers will aim first. Make sure you’re not using these for your remote connections.
- No standard apps. The Windows Remote Desktop Connection client has been around for so long that all its vulnerabilities are widely known inside and out. And you can never know who’s going to take advantage of that knowledge.
- Strong passwords. As you may already know, a good password is a random string of numbers and letters, both upper and lower case, plus some occasional special symbols. Easy, lazy choices like dictionary words or birthday digits belong in the ’90s, where they came from.
- Access monitoring. There is no such thing as a too-strong access restriction policy. So if you can get more than two-factor authentication, go ahead and do it.
- Data protection. The more advanced the data encryption algorithm your app has, the better. Don’t settle for anything less than 2048-bit SSL.
- Latest versions only. Never missing a system or app update is one of the keys to a successful Remote Desktop Protocol implementation. On top of that, it’s an excellent practice to keep an eye on your app developer’s web page in case they issue a critical patch.
- No open ports on cloud-based VMs. If you rely on virtualization in your day-to-day operation and your virtual machines have public IP addresses, take care that all standard ports of those VMs are closed at all times.
- Regular back-ups. Do I really need to stress the critical importance of a consistent backup strategy? I’m pretty sure you already have one in place and keep it on an isolated, well-secured server.
- Enabled logging. System logs are the key tool for detecting unwanted connections and attempted intrusions.
- No unprotected external connections. Make sure that all your machines that may potentially need to connect to a remote device over the Internet at any point in time have their VPNs constantly up and running. But keep in mind that no VPN will save you if you connect to a device infected with malware. So get a good antivirus, keep it updated, and always check a device before linking it up with your machine.
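To make the checklist above something you can actually run rather than just read, here is an added audit script for a Windows host. It is example code written for this post, not a HelpWire tool or a Microsoft script. It reads the built-in RDP listener settings (the `RDP-Tcp` registry key, which holds the port, NLA, TLS and encryption-level values), looks at which remote addresses the "Remote Desktop" firewall rules admit, and counts failed RDP logons per source address from the Security log, which is the "enabled logging" item in practice. It assumes Windows 10/11 or Server 2016 and later, an elevated PowerShell 5.1 or later session, and the default listener name `RDP-Tcp`.

```powershell
# Added RDP hardening audit (example code, not the post's or Microsoft's own script).
# Assumes: Windows 10/11 or Server 2016+, elevated PowerShell, default "RDP-Tcp" listener.

$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp   = "$tsKey\WinStations\RDP-Tcp"
$findings = [System.Collections.Generic.List[string]]::new()

# 1. "Cut all excesses": fDenyTSConnections = 1 means Remote Desktop is switched off.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
if ($deny -eq 1) {
    Write-Host 'RDP is disabled on this host; nothing further to check.'
    return
}
Write-Host 'RDP is enabled: confirm this host really needs it.'

# 2. "No standard ports": the listener port is RDP-Tcp\PortNumber (default 3389).
$port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
if ($port -eq 3389) { $findings.Add('Listener still uses the default port 3389.') }

# 3. "Access monitoring" / "Data protection" on the listener itself:
#    UserAuthentication 1 = Network Level Authentication required,
#    SecurityLayer 2 = TLS, MinEncryptionLevel 3 = High.
$props = Get-ItemProperty -Path $rdpTcp
if ($props.UserAuthentication -ne 1) { $findings.Add('NLA (UserAuthentication) is not required.') }
if ($props.SecurityLayer -lt 2)      { $findings.Add('SecurityLayer is below 2 (TLS).') }
if ($props.MinEncryptionLevel -lt 3) { $findings.Add('MinEncryptionLevel is below 3 (High).') }

# 4. "Strictly limit external connections": do the inbound RDP firewall rules
#    accept connections from any remote address?
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True `
            -Direction Inbound -ErrorAction SilentlyContinue
foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        $findings.Add("Firewall rule '$($rule.DisplayName)' allows RDP from Any remote address.")
    }
}

# 5. "Enabled logging": failed logons are Security event 4625. LogonType 10 is
#    RemoteInteractive (RDP). Many failures from one IpAddress in a short window is
#    the password-guessing signature the post warns about.
#    Caveat: with NLA enabled, failures that happen before a session exists are
#    often recorded with LogonType 3 instead; widen the filter if counts look empty.
$since    = (Get-Date).AddHours(-24)
$failed   = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
              -ErrorAction SilentlyContinue
$bySource = @{}
foreach ($ev in $failed) {
    $xml  = [xml]$ev.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data['LogonType'] -eq '10') {
        $ip = $data['IpAddress']
        if ($bySource.ContainsKey($ip)) { $bySource[$ip]++ } else { $bySource[$ip] = 1 }
    }
}
$bySource.GetEnumerator() | Sort-Object Value -Descending | Select-Object -First 5 |
    ForEach-Object { $findings.Add("$($_.Value) failed RDP logons from $($_.Key) in the last 24h.") }

# Report
Write-Host "Listener port: $port"
if ($findings.Count -eq 0) {
    Write-Host 'No findings.'
} else {
    $findings | ForEach-Object { Write-Host " - $_" }
}
```

Run it as `.\Audit-Rdp.ps1` from an elevated prompt (the Security log and the `Terminal Server` key are not readable by a standard user). The script only reads; changing the port, requiring NLA or narrowing the firewall scope is still done through System Properties, Group Policy or the matching `Set-*` cmdlets, so you can schedule it as a daily check without it ever altering the host.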
And that’ll be all for today. Don't hesitate to click my links to dig a bit deeper, stay safe, always remember that VPN is your best friend, and see ya all in the following blogs.