Is your Remote Connection For Sale? Look what I found!!
It is common for companies to set up outside access to their internal resources. Remote Desktop Protocol (RDP) is a simple and commonly used method of allowing employees to connect from home and abroad.
Now you may ask why it is important to secure RDP. Well, McAfee did a recent study of the Dark Web and found that there are places where you can purchase RDP-access to various organizations, for as little as $3.
Once an attacker is connected through RDP, they have internal access to the network and to whatever resources that user can reach. They can then use all the tools on that computer to install additional malware and infect the network.
The problem is that most organizations don’t think about properly securing those RDP connections. They don’t realize that once an exposed RDP login has been found, there is nothing preventing someone from simply trying random usernames and passwords until they connect successfully. RDP has no built-in protections; those need to be set up and enabled, and often require 3rd party software/tools.
So what sort of things can be done to secure RDP?
Here’s a list:
1) Set up 2-Factor Authentication
Normally, a login requires a username and a password. Even if passwords are changed periodically, it is still the same password for at least 60 days (often more). Either way, the login is secured by a single factor, “something you know.” 2-Factor adds another dynamic to the login: something you own. This can be a key fob, or software on a smartphone, that every minute or so generates a random sequence of letters/numbers. So, to log in, you need not only a correct username/password combo but also the ever-changing passcode. Setting up 2-Factor Authentication almost always requires additional software/equipment on top of the RDP server. It is also the best method of securing external connections to your network.
2) Set up IP restrictions to the login portal
If the intention is to only allow people to log in from home, then the portal can be restricted to just their home IP addresses. If they also need to connect from the road, then geographic IP rules can be set up to restrict access by country.
If your company only does business with Albertan outfits, there may not be a good reason to allow connections from IPs outside of Canada.
3) Make sure RDP is using secure encryption
Something that’s not well known is that just about every RDP implementation out there supports a few outdated and archaic encryption options. This is for reasons of backwards compatibility.
Fixing it is possible and requires re-configuring the server and, in some cases, installing security patches (on the server and sometimes the clients’ computers as well). This isn’t as big a deal if RDP is just set up for connections from inside your network, but making sure the encryption is strong becomes much more important once you open RDP up to the outside.
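As an added example (not part of the original post), this PowerShell check reads the three registry values on the standard Windows RDP listener that decide whether the older, backwards-compatible security options can still be negotiated. The function name and the sample object are hypothetical; the registry value names are the ones Windows uses.

```powershell
# Added example: audit the RDP listener's encryption and authentication settings.
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Hypothetical helper: takes an object carrying the three values, returns findings.
function Test-RdpListenerSecurity {
    param([Parameter(Mandatory)] $Settings)

    $findings = @()
    # SecurityLayer: 0 = legacy RDP security, 1 = negotiate, 2 = TLS required
    if ($Settings.SecurityLayer -ne 2) {
        $findings += "SecurityLayer=$($Settings.SecurityLayer): legacy RDP security can still be negotiated; set to 2 (TLS)."
    }
    # UserAuthentication: 1 = Network Level Authentication required before a session starts
    if ($Settings.UserAuthentication -ne 1) {
        $findings += "UserAuthentication=$($Settings.UserAuthentication): NLA is not required; set to 1."
    }
    # MinEncryptionLevel: 1 = low, 2 = client compatible, 3 = high, 4 = FIPS compliant
    if ($Settings.MinEncryptionLevel -lt 3) {
        $findings += "MinEncryptionLevel=$($Settings.MinEncryptionLevel): weaker encryption is allowed for old clients; set to 3 or 4."
    }
    return ,$findings
}

# Constructed sample: a listener left on backwards-compatible settings.
$sample = [pscustomobject]@{ SecurityLayer = 1; UserAuthentication = 0; MinEncryptionLevel = 2 }

if (Test-Path $ListenerKey) {
    $current = Get-ItemProperty -Path $ListenerKey   # live values on a Windows RDP host
} else {
    $current = $sample                               # elsewhere, fall back to the sample
}

$result = Test-RdpListenerSecurity -Settings $current
if ($result.Count -eq 0) {
    'RDP listener: TLS, NLA and high encryption are enforced.'
} else {
    $result
}

# Hardened values (run elevated, after confirming every client supports TLS and NLA):
# Set-ItemProperty -Path $ListenerKey -Name SecurityLayer      -Value 2
# Set-ItemProperty -Path $ListenerKey -Name UserAuthentication -Value 1
# Set-ItemProperty -Path $ListenerKey -Name MinEncryptionLevel -Value 3
```

Group Policy can override these listener values, so check the effective policy as well before relying on the result.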
Considering that a connection to your RDP could be sold to someone for as little as $3, a person who could in turn use that connection to install ransomware or just about anything else, securing your RDP properly is well worth your time and effort.
If you have any questions about RDP Security, you can always reach out to your TRINUS Account Manager for some stress-free IT.
Your Friendly Neighbourhood Cyberman.