For many years now, Microsoft has offered a system with Windows that allows you to take control of another machine. This has been invaluable for system admins that need to control servers and other Windows machines, without having to run around from office to office or site to site. Easy takeover of machines does come with risks. The protocol known as Remote Desktop Protocol (RDP) and the Remote Desktop Connection software that relies on it are often victims of simple attacks. These attacks have been on the rise in recent years and are extremely popular at the moment, as they are enticing for cyber criminals that seek to compromise the admins and machines that control whole organizations.
How Remote Desktop Protocol at risk?
RDP often uses a particular port that is easy to locate in a scan. And unfortunately, the default account username for an admin is often Administrator. While it’s no secret that having a poor password policy is not ideal, it’s worth reiterating here it can mean that hackers can try huge amounts of passwords before anyone is alerted or an account is locked out.
Once an intruder gets admin access, they can deliver specialized malware or remote access tools that can often be almost impossible for any security solution to detect. With admin privileges and route access to the desktop, maximum damage can be done. This stresses the importance of policies, monitoring, logging, backups and incident response.
How do I protect my organization?
Preventing such brute force attacks isn’t as complicated as it may seem. You can employ a few easy actions to keep your organization safe:
Prevent scanning for an open port
- Change default RDP port from 3389 to another unused port
- Block RDP (port 3389) via firewall
- Restrict RDP to a whitelisted IP range
Prevent attackers from gaining access if RDP is enabled
- Create a Group Policy Object (GPO) to enforce strong password policy (GPOs are important and should be common practice for your organization)
- Require two-factor authentication
Think you may have been compromised?
Getting to the bottom of suspicious activity is vitally important and our team is here to help. Contact us today.