Remote Desktop Protocol - often just called Remote Desktop or RDP - is the name of Microsoft's remote access capability. Using RDP, you can remotely connect to the desktop of a computer or server from anywhere in the world.
While this is a fantastic capability for users, it's also great for attackers. If an attacker can reach RDP on one of your computers, all they need is a valid password to get in, just as if they were sitting at the keyboard. If you review the article on Compromised Credentials, you will understand how easy it is for an attacker to enter your networks via RDP.
Attackers can also launch brute-force attacks against RDP. These attacks use your exposed RDP service to guess usernames and passwords at high speed, trying all known variations of passwords in rapid succession. They often succeed in gaining access; they also often use up system resources and crash computers.
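One way to spot the brute-force pattern described above in Windows Security log data, as an added example that is not part of the original article. It assumes logon events from the RDP host have already been exported as (time, event ID, logon type, source IP, user) tuples; the sample records, the function names and the `threshold` and `window` values are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive; 3 = Network (RDP failures with NLA)

def sample_events():
    """Constructed records; the IPs are documentation addresses, not real hosts."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    users = ["admin", "administrator", "backup", "admin", "scanner", "admin", "test", "admin"]
    ev = [(t0 + timedelta(seconds=2 * i), FAILED, 3, "203.0.113.7", u)
          for i, u in enumerate(users)]
    ev.append((t0 + timedelta(seconds=20), SUCCESS, 10, "203.0.113.7", "admin"))
    # A user who mistypes a password twice and then logs in: must not alert.
    ev += [(t0 + timedelta(minutes=5, seconds=s), FAILED, 10, "198.51.100.20", "alice")
           for s in (0, 15)]
    ev.append((t0 + timedelta(minutes=6), SUCCESS, 10, "198.51.100.20", "alice"))
    return ev

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Alert on a source with >= threshold failed logons inside the window, and on
    any later successful logon from that source (a password may have been guessed)."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged, alerts = set(), []   # a flagged source stays flagged for the whole run
    for ts, event_id, logon_type, src, user in sorted(events, key=lambda e: e[0]):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        q = recent[src]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if event_id == FAILED:
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("BRUTE_FORCE", src, len(q)))
        elif event_id == SUCCESS and src in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(sample_events()):
        print(alert)
```

A `SUCCESS_AFTER_BRUTE_FORCE` alert is the one to act on first, since it means a guessed password may have worked.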
In spite of the shortcomings related to RDP, it's still an extremely valuable service that many organizations rely on. Fortunately, there are ways to use RDP in a secure manner:
- Use a Virtual Private Network (VPN). If you have a corporate VPN - or if you can set one up using your existing network hardware - you can safely remove RDP from the internet and simply access it from behind your secure VPN. (Note: You should also have Two-Factor Authentication enabled on that VPN.)
- Firewall or Filtered Access. If you only use remote desktop from a few locations, you can configure your firewall to only allow RDP access from those locations. This will require a static IP address at those remote locations, so it's not suitable for accessing from a coffee shop (for example), but it is definitely an option to securely access RDP from home or a branch office.
- Use Two-Factor Authentication. You can also install a two-factor authentication service on the computer running RDP. This will require a second form of authentication before allowing login to the computer. (See Two-Factor Authentication for more details). We always recommend using two-factor authentication wherever possible.
As with most things in cybersecurity, the objective is not to restrict what you can do. Rather, we want to ensure that you can continue to work productively while still protecting your data.
For more information on this topic, please reach out to us; we’re here to help!