For many years now, Microsoft has offered a system with Windows that allows you to take control of another machine. This has been invaluable for system admins that need to control servers and other Windows machines, without having to run around from office to office or site to site. Easy takeover of machines does come with risks. The protocol known as Remote Desktop Protocol (RDP) and the Remote Desktop Connection software that relies on it are often victims of simple attacks. These attacks have been on the rise in recent years and are extremely popular at the moment, as they are enticing for cyber criminals that seek to compromise the admins and machines that control whole organizations.
How is Remote Desktop Protocol a security risk?
RDP often uses a particular port that is easy to locate in a scan. And unfortunately, the default account username for an admin is often Administrator. While it’s no secret that having a poor password policy is not ideal for server security, it’s worth reiterating here it can mean that hackers can try huge amounts of passwords before anyone is alerted or an account is locked out.
Once an intruder gets admin access, they can deliver specialized malware or remote access tools that can often be almost impossible for any security solution to detect. With admin privileges and route access to the desktop, maximum damage can be done. This stresses the importance of endpoint protection, as well as policies, monitoring, logging, backups and incident response.
How to protect & secure your organization from Remote Desktop attacks
Preventing such brute force attacks isn’t as complicated as it may seem. You can employ a few easy actions to keep your organization safe:
Prevent scanning for an open port
- Change default RDP port from 3389 to another unused port
- Block RDP (port 3389) via firewall
- Restrict RDP to a whitelisted IP range
Prevent attackers from gaining access if RDP is enabled
- Create a Group Policy Object (GPO) to enforce strong password policy (GPOs are important and should be common practice for your organization)
- Require two-factor authentication