Remote Desktop Protocol (RDP) is a network communication protocol designed to allow remote administration of Windows workstations and servers. In principle, it is designed to operate over an encrypted channel, which prevents the information transmitted during the session from being seen or heard by unauthorized persons. Although the protocol is secure in principle, deploying this service in a company requires certain precautions; otherwise it may expose your information to loss or compromise.

Remotely accessing company or even client computers is a great advantage that increases productivity, since it eliminates the need to be physically in front of the machine. Remote access follows the client-server model: the computer we want to access acts as the “server”, and the devices that connect to it are the “clients”. When this functionality is enabled, a port is “opened” on the server, commonly port 3389. Ports can be understood as the entry and exit routes for information to and from the Internet. If a communication is not made on the correct port, it will be denied. In addition, the router that gives the server access to the Internet must be configured to accept remote desktop connections from outside the internal network.

The Windows remote desktop, or RDP, is used in the day-to-day work of companies, but it is also one of the targets of cybercriminals and can become a significant risk for any organization that has it enabled without sufficient security measures. It is very often used to deliver ransomware, the malware that encrypts files and asks for a ransom.

Ransomware attackers seek to exploit vulnerabilities in the implementation of RDP over the Internet. The idea is basically to break into the remote access and then manually deploy the ransomware on the company network. Ransomware is just one of the many risks involved; the company can also be exposed to others such as information spying, leakage of company information, malicious deletion of information, etc.

The first thing to assess is whether it is really necessary to use a remote desktop in the company, since any public service on the Internet represents an added risk to the company’s cybersecurity. If it is not necessary, it is advisable to disable the remote desktop service; if it is necessary, you must:

▸If you must publish to the Internet an application that resides on a server but does not require RDP access, be sure to disable remote access manually.

▸If you want to keep RDP available from outside the LAN (over the Internet) as an alternative, it is a good idea to use a firewall that allows access only from authorized IP addresses.

▸If the use of RDP over the Internet is mandatory and you cannot restrict access by IP address, it is best to change the default port (3389), allow only authorized users to access RDP and use strong passwords that make access difficult.

▸It is also recommended to create specific rules on the company’s firewall that restrict access to the Remote Desktop server to a controlled subset of machines. This filtering can be done by IP address, allowing access only from the addresses associated with the company’s computers.
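
One way to check a Windows host against the points above, as an added example that is not part of the original article: it reports whether RDP is enabled, which port it listens on, which Windows Firewall rules allow that port and from which source addresses, and who belongs to the Remote Desktop Users group. It assumes the built-in Windows Firewall and an elevated PowerShell session; `Set-RdpAllowList` is a hypothetical helper name and `203.0.113.0/24` is a placeholder range.

```powershell
# Added example, not from the original article. Run in an elevated session.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 1 means Remote Desktop connections are refused.
$enabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# Listener port: 3389 unless it has been changed.
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

# Enabled inbound allow rules that name the RDP port explicitly, with permitted sources.
$exposure = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Name          = $_.Name
            DisplayName   = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $remote -join ', '
            OpenToAny     = $remote -contains 'Any'
        }
    }

# Members of the built-in Remote Desktop Users group (well-known SID S-1-5-32-555).
# Members of Administrators can also log on over RDP by default.
$members = Get-LocalGroupMember -SID 'S-1-5-32-555' | Select-Object Name, ObjectClass

"RDP enabled: $enabled, listening port: $port"
$exposure | Format-Table DisplayName, Profile, RemoteAddress, OpenToAny -AutoSize
$members  | Format-Table -AutoSize
if ($enabled -and ($exposure | Where-Object OpenToAny)) {
    Write-Warning 'At least one firewall rule allows RDP from any source address.'
}

# Hypothetical helper: limit the rules found above to an allow-list of source addresses.
function Set-RdpAllowList {
    param([Parameter(Mandatory)][string[]]$Address)
    $exposure | ForEach-Object { Set-NetFirewallRule -Name $_.Name -RemoteAddress $Address }
}
# Set-RdpAllowList -Address '203.0.113.0/24'   # placeholder range; use your own
```

The script inspects only the host firewall; the router or perimeter firewall that forwards the port has to be reviewed separately.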
