What is Remote Desktop (RDP)?
Remote Desktop (RDP) is a service that allows users to access and control a remote Windows or Mac desktop (if it is running Windows) from a separate computer. The desktop computer requesting the remote connection is called the client. The desktop receiving the remote connection request is the host. Remote controlling a desktop or laptop is like using a remote for your TV. Your button clicks tell the TV to change channels, start streaming, pause, stop, you get the idea.
This remote access approach is popular because it is a service included with Microsoft operating system software. Since many organizations rely on Windows, defaulting to remote desktop is a natural choice.
Is Remote Access the Same as Cloud Computing?
No. Remote desktop is not the same as accessing cloud file storage. With the cloud, files are physically stored on a server located somewhere in the world. A user connects to the remote server to access the files they need. They do not take control of the server to do their work like on a desktop.
Remote desktop, on the other hand, allows a user to access and work on the entire physical desktop or laptop.
How Does RDP Connect to Another Desktop?
To get just a little bit technical, the RDP protocol uses the dedicated network port 3389 for this connection.
What is a port? In a network, it is a logical (as compared to a physical) software-based location designed to perform a specific function. A network has many software ports. The operating system, such as Windows or Linux, knows what each port is intended to do. The operating system communicates with the port it needs to send specific instructions between the network and all the devices on it.
When a user starts a remote desktop connection, the RDP protocol opens a dedicated network connection between the remote machine and the local computer. Each mouse click, keystroke, monitor display, and data are exchanged in this remote connection.
How Secure Are RDP Connections?
Remote desktop has three security levels available to it.
By default, an RDP connection uses the negotiate method. This means that the desktop (client) requesting the connection and the remote computer (the host) decide on the most secure level based on what the client supports. This method is not recommended by Microsoft.
If the client supports TLS 1.0, then the remote desktop connection uses this high level of security.
If the client does not support TLS 1.0, then the connection is made using the RDP security layer which is not as robust as the TLS 1.0 protocol.
The SSL option is the preferred secure approach. It uses the TLS 1.0 protocol to verify the identity of the remote host computer and encrypts all data exchanged between the client and host machines.
The default RDP security layer, on the other hand, does not authenticate the host computer. That leaves the connection more vulnerable to attacks.
RDP and Security Vulnerabilities
RDP has well-known security flaws, making it an easy target for hackers. Because of this, many organizations disable remote desktop on all company devices.
A security vulnerability is a gap or software error that allows attackers to gain access to a device or network. Hackers continuously scan networks for any openings, and port 3389 is a common target because of its known weaknesses.
Some of the critical vulnerabilities include:
Open port access. Because RDP is known to use port 3389, attackers know this port is active and easily accessible.
Password weakness. Desktop computers are usually protected by some form of password that is not strictly controlled. Since RDP commonly uses the same password, it leaves the remote connections open to attacks.
Brute force password attacks are a common hacker tactic. These are simple "keep guessing until you get it right" actions performed by scripts or bots. This type of attack doesn’t rely on sophisticated technology but instead on simple random combinations of numbers and letters.
Most passwords can be cracked in a few seconds or less.
Credential stuffing attacks use the usernames and passwords obtained from one company’s data breach to attack another company. Since many people use the same login credentials for more than one account, attackers use stolen credentials to knock on other doors.
Unpatched software that uses port 3389. Vendor software that relies on the RDP protocol must continually be updated to prevent newly discovered vulnerabilities.
Unpatched Windows server and desktop operating software. One of the largest vulnerabilities is referred to as BlueKeep. It allows an attacker to make a connection to an unpatched Windows system and send instructions that enable remote control. While this has been patched, any company that has not been rigorously applying updates is at risk.
Misconfigured servers. Because RDP is easy to implement, misconfiguration often happens. Instead of leaving port 3389 openly exposed to the internet, Microsoft recommends a Remote Desktop Services Gateway server. This server sits in front of the host server and tunnels all RDP traffic over an SSL HTTPS connection.
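The two password attacks described above leave different traces in failed-logon records, which the following added example (not code from the original page) separates by source address. The sample records, the function name Get-FailedLogonPattern and both thresholds are constructed assumptions.

```powershell
# Constructed sample of failed RDP logons, assumed to cover one 10-minute window.
# On a real host these fields would come from failed-logon events (ID 4625)
# in the Windows Security log.
$failed  = @(1..12 | ForEach-Object {
    [pscustomobject]@{ Source = '203.0.113.10'; User = 'administrator' } })
$failed += @('alice','bob','carol','dave','erin','frank' | ForEach-Object {
    [pscustomobject]@{ Source = '198.51.100.7'; User = $_ } })
$failed += [pscustomobject]@{ Source = '192.0.2.44'; User = 'Alice' }

function Get-FailedLogonPattern {
    # Thresholds are illustrative assumptions; tune them to your environment.
    param([object[]]$Records, [int]$MinAttempts = 10, [int]$MinAccounts = 5)
    $Records | Group-Object -Property Source | ForEach-Object {
        $attempts = $_.Count
        # Windows account names are case-insensitive, so normalise before counting.
        $accounts = @($_.Group | ForEach-Object { $_.User.ToLower() } | Sort-Object -Unique)
        $perAccount = $attempts / $accounts.Count
        $pattern = if ($accounts.Count -ge $MinAccounts -and $perAccount -le 2) {
            'credential stuffing: many accounts, few tries each'
        } elseif ($attempts -ge $MinAttempts) {
            'brute force: repeated guesses at the same account(s)'
        } else {
            'below threshold'
        }
        [pscustomobject]@{
            Source = $_.Name; Attempts = $attempts
            Accounts = $accounts.Count; Pattern = $pattern
        }
    }
}

Get-FailedLogonPattern -Records $failed | Sort-Object Attempts -Descending | Format-Table -AutoSize
```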
Safeguards Against RDP Security Vulnerabilities
Implement a VPN for all users who need remote access to a machine
If RDP is needed, always use the SSL option. Set a Group Policy to require all RDP connections to use the TLS 1.0 protocol. If TLS 1.0 is not supported by both client and host, then the connection will fail.
Disable RDP on all desktops and laptops
Enforce multi-factor authentication (MFA) for all remote connections
Enable automatic Windows updates on all devices and do not allow users to change the settings
Implement a Remote Desktop Services Gateway server described above
Incorporate password policy filters into Active Directory
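To check a machine against the security levels and safeguards above, the following added example (not code from the original page) reads the RDP listener settings and reports which level is in effect. The registry value names are Windows' own and do not appear on the page; the function names Get-RegValue and Test-RdpSecurity are hypothetical.

```powershell
# Read-only audit of the local RDP listener; run on the Windows host being checked.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$layerNames = @{ 0 = 'RDP security layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-RdpSecurity {
    param($DenyConnections, $ListenerLayer, $PolicyLayer, $Port)
    if ($DenyConnections -eq 1) { return 'OK: RDP is disabled on this machine.' }
    # A Group Policy value, when present, takes precedence over the listener's own.
    $effective = if ($null -ne $PolicyLayer) { $PolicyLayer } else { $ListenerLayer }
    $name = if ($null -ne $effective -and $layerNames.ContainsKey([int]$effective)) {
        $layerNames[[int]$effective]
    } else {
        'not set'
    }
    'REVIEW: RDP is enabled; confirm this machine needs it.'
    if ($effective -eq 2) {
        'OK: security layer is SSL (TLS 1.0).'
    } else {
        "FAIL: security layer is '$name'; require SSL (TLS 1.0)."
    }
    if ($null -eq $PolicyLayer) { 'WARN: no Group Policy value enforces the security layer.' }
    "INFO: listener port is $Port; keep it behind a VPN or gateway, not open to the internet."
}

Test-RdpSecurity `
    -DenyConnections (Get-RegValue $tsKey 'fDenyTSConnections') `
    -ListenerLayer   (Get-RegValue $rdpTcpKey 'SecurityLayer') `
    -PolicyLayer     (Get-RegValue $policyKey 'SecurityLayer') `
    -Port            (Get-RegValue $rdpTcpKey 'PortNumber')
```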