Remote Desktop Protocol (RDP) has been known to IT professionals for years, part of our arsenal since its original release with Windows NT 4.0. It gave technical staff the ability to treat any system or task as though it were local. Before we go further, it’s worth noting that most ransomware attacks occur through open ports in your network. These ports are what leadership sometimes uses to remote into a work machine, and what your internal IT uses to take control of your work PC to troubleshoot a problem.
The productivity tool was adopted quickly, and it is now widely seen as an initial attack vector. From a security standpoint, any software or program that takes remote control of your PC is worthy of severe scrutiny. In the wrong hands, RDP can help cybercriminals deactivate devices in the organization’s network, compromise endpoint protection, and deliver nasty payloads of malware.
Using a publicly accessible Remote Desktop Protocol session to reach systems creates major concerns about your network’s vulnerability. Public sessions are targets, with cybercriminals discovering new ways of conducting port and IP sweeps. According to Tyler Moffit, Webroot’s Senior Threat Analyst and partner, it’s a matter of when, not if.
Recent reports on the state of banking security suggest that half of all banks in the SF Bay Area have left remote access and control interfaces like Remote Desktop Protocol openly accessible from the internet. That is a shocking finding for an industry built on securing customer information.
Turning Remote Desktop Protocol into an Attack Vector
Most cyber attacks result from lateral movement through your IT network: malicious payloads spread from system to system, fully compromising each PC and stealing its data. Adding publicly accessible Remote Desktop Protocol exposes accounts with weak credentials, and attackers use password breakers to accomplish these lateral movements easily, from user to user.
Here are four high-level options for securing your environment and managing it more securely:
- Consider eliminating Remote Desktop Protocol access by changing the default TCP ports and using a virtualized network or VLAN to reach critical systems. A more secure option is to block all RDP connections from non-whitelisted IPs. Additional solutions are available for log-on monitoring and activity summaries, giving heightened visibility, along with multi-factor authentication.
- Secure all systems and endpoints first, with solutions designed to monitor and remedy network anomalies, such as an RDP session from another workstation, and to notify your technical team or leadership.
- Use paid, encrypted solutions for remoting into work systems. Some of the most popular remote solutions are TeamViewer, LogMeIn, and ScreenConnect, all of which communicate over encrypted connections as needed.
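The allowlist and log-on monitoring ideas from the first two options, as an added example (not code from the original article): it reviews Windows Security logon events (4624 success, 4625 failure, logon type 10 for RDP) and flags RDP sessions from sources outside an allowlist, plus bursts of failed logons. The allowlist ranges, thresholds, dict field names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed allowlist (constructed): a management VLAN and one VPN gateway.
ALLOWED_SOURCES = [ip_network("10.20.30.0/24"), ip_network("192.0.2.10/32")]
REMOTE_INTERACTIVE = 10          # Windows logon type recorded for RDP sessions
FAIL_THRESHOLD = 5               # assumed: failed logons per source inside WINDOW
WINDOW = timedelta(minutes=10)   # assumed look-back window

def is_allowed(src):
    """True if src is inside the allowlist; unparsable addresses fail closed."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCES)

def review_rdp_logons(events):
    """Alert on RDP logons from unlisted sources and on bursts of failed logons."""
    alerts, failures, flagged = [], defaultdict(list), set()
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != REMOTE_INTERACTIVE:
            continue                                  # not an RDP session
        src, now = ev["ip"], ev["time"]
        detail = {"ip": src, "user": ev["user"], "host": ev["host"]}
        if ev["event_id"] == 4624 and not is_allowed(src):    # successful logon
            alerts.append({"kind": "rdp-from-unlisted-source", **detail})
        elif ev["event_id"] == 4625:                          # failed logon
            failures[src] = [t for t in failures[src] if now - t <= WINDOW] + [now]
            if len(failures[src]) >= FAIL_THRESHOLD and src not in flagged:
                flagged.add(src)
                alerts.append({"kind": "rdp-password-guessing", **detail})
    return alerts

def _ev(minute, event_id, logon_type, ip, user, host="FIN-WS01"):
    return {"time": datetime(2024, 1, 15, 9, minute), "event_id": event_id,
            "logon_type": logon_type, "ip": ip, "user": user, "host": host}

# Constructed sample events (hosts, users and addresses are made up).
SAMPLE_EVENTS = (
    [_ev(m, 4625, 10, "203.0.113.45", "administrator") for m in range(6)]
    + [_ev(7, 4624, 10, "203.0.113.45", "administrator"),
       _ev(8, 4624, 10, "10.20.30.15", "helpdesk"),
       _ev(9, 4624, 10, "10.50.1.77", "jsmith", "HR-WS07"),
       _ev(9, 4624, 3, "10.50.1.77", "jsmith", "HR-WS07")]
)
if __name__ == "__main__":
    print(*review_rdp_logons(SAMPLE_EVENTS), sep="\n")
```

In the sample, the successful logon from 203.0.113.45 right after the failure burst is the pattern to escalate first, and the session from 10.50.1.77 is the workstation-to-workstation RDP case the second option describes.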
Ready to Ditch the Remote Desktop Protocol?
With security threats and attack vectors mounting, remote desktop options are out there, and your Managed Service Provider or IT Consultant should be attending to this major attack vector. Companies must begin to recognize the security dangers across their network and how best to leverage their current technology investments.
To learn more about what Managed IT Support can do in terms of your network’s RDP, contact us today to get started in discovering network vulnerabilities the criminals will leverage.