Why is RDP Not Secure? I mean, it’s just a remote desktop connection, right? Wrong. RDP endpoints exposed to the internet are among the most frequently attacked services out there, and a weakly protected one can be taken over by attackers with very little effort.
In this post, we’ll look at why RDP is not secure and how you can protect yourself against attacks. Stay safe out there!
Why is RDP Not Secure?
RDP, or the Remote Desktop Protocol, is the primary protocol used for remote desktop sessions, in which employees access their workplace desktop computers from another device, often outside the office. The RDP server is built into most Windows editions (Pro, Enterprise and Server), and Microsoft ships RDP clients for macOS and other platforms. Many businesses use RDP to enable their workers to work from home.
What are the most common RDP security flaws?
A vulnerability is a flaw in the design, implementation or configuration of a piece of software that permits attackers to obtain unauthorized access. Consider a poorly fitted lock on a house’s front door, which allows burglars to break in.
The following are the most critical RDP flaws:
- Inadequate user sign-in credentials
Most desktop computers are password-protected, and users can usually choose whatever password they like. The issue is that RDP authenticates against the same Windows account, so the password that guards the local login is also the only thing standing between the internet and a remote session. Companies seldom audit these passwords for strength, leaving the remote connections vulnerable to brute force attacks (many guesses against one account) and credential stuffing (username/password pairs leaked from other breaches replayed against the exposed logon).
- Port access is unrestricted.
RDP connections nearly always occur on TCP port 3389. Attackers can assume this is the port in use, scan the whole internet for it, and target it with password guessing, on-path attacks and exploits against the RDP service itself. A port is a logical, software-based endpoint in networking that identifies a particular service on a host. Assigning different services to different ports lets a computer route incoming traffic to the right process. HTTP traffic, for example, uses port 80 by default, whereas HTTPS traffic uses port 443.
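The two credential attacks described above leave a recognisable trace in the Windows Security log: failed logon events (ID 4625) with the RemoteInteractive logon type. The following PowerShell is an added example, not code from the original post, that groups such failures per source address and labels each source as brute force (one account hammered) or password spraying / credential stuffing (many accounts, few tries each). The thresholds, the `Find-RdpLogonAttacks` and `New-SampleEvent` function names and the sample events are all constructed for illustration.

```powershell
# Added example (not from the original post): classify failed RDP logons from
# the Windows Security log into brute force (one account hammered from one IP)
# and password spraying / credential stuffing (many accounts tried from one IP).
# Event 4625 = failed logon; LogonType 10 = RemoteInteractive, i.e. RDP.
# Thresholds, function names and the sample events are constructed for illustration.

function Find-RdpLogonAttacks {
    param(
        # objects with TimeCreated, TargetUserName, IpAddress, LogonType
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $BruteForceThreshold = 20,   # failures against one account from one source
        [int] $SprayThreshold      = 5     # distinct accounts tried from one source
    )
    # Caveat: with NLA enabled, failures at the CredSSP stage are commonly logged as
    # LogonType 3 (network) rather than 10, so both types are accepted here.
    $Events |
        Where-Object { $_.LogonType -in @(3, 10) } |
        Group-Object IpAddress |
        ForEach-Object {
            # @() keeps .Count equal to the number of accounts even when there is only one
            $byUser     = @($_.Group | Group-Object TargetUserName)
            $maxPerUser = ($byUser | Measure-Object -Property Count -Maximum).Maximum
            $verdict    = if ($maxPerUser -ge $BruteForceThreshold) { 'brute-force' }
                          elseif ($byUser.Count -ge $SprayThreshold) { 'password-spray' }
                          else { 'noise' }
            [pscustomobject]@{
                SourceIp   = $_.Name
                Failures   = $_.Count
                Accounts   = $byUser.Count
                MaxPerUser = $maxPerUser
                Verdict    = $verdict
            }
        }
}

# --- Constructed sample input -------------------------------------------------
# 198.51.100.7 : 30 failures against 'administrator'        -> brute-force
# 203.0.113.9  : one failure each against eight accounts    -> password-spray
# 10.0.0.15    : two typos by a real user on the LAN         -> noise
function New-SampleEvent($User, $Ip, $MinutesAgo) {
    [pscustomobject]@{
        TimeCreated    = (Get-Date).AddMinutes(-$MinutesAgo)
        TargetUserName = $User
        IpAddress      = $Ip
        LogonType      = 10
    }
}
$sample = @()
foreach ($i in 1..30) { $sample += New-SampleEvent 'administrator' '198.51.100.7' $i }
$n = 1
foreach ($u in 'alice','bob','carol','dave','erin','frank','grace','heidi') {
    $sample += New-SampleEvent $u '203.0.113.9' $n
    $n++
}
$sample += New-SampleEvent 'alice' '10.0.0.15' 3
$sample += New-SampleEvent 'alice' '10.0.0.15' 2

Find-RdpLogonAttacks -Events $sample | Sort-Object Failures -Descending | Format-Table -AutoSize

# --- Live input (run from an elevated prompt) ---------------------------------
# Pull the last 24 hours of 4625 events and project the fields the function needs.
# $live = Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4625; StartTime=(Get-Date).AddHours(-24) } |
#     ForEach-Object {
#         $data = @{}
#         ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
#         [pscustomobject]@{
#             TimeCreated    = $_.TimeCreated
#             TargetUserName = $data.TargetUserName
#             IpAddress      = $data.IpAddress
#             LogonType      = [int]$data.LogonType
#         }
#     }
# Find-RdpLogonAttacks -Events $live
```

On the sample data the first source is reported as brute-force, the second as password-spray and the LAN address as noise. The thresholds are deliberately crude; in production they should be tuned per environment and evaluated over a sliding time window rather than over the whole log.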
What are some possible solutions to these RDP flaws?
To limit the incidence of insecure sign-in credentials, implement the following measures:
Single sign-on (SSO)
Many businesses already utilize SSO services to handle user logins for multiple apps. SSO makes it easy for companies to enforce strong password usage while introducing additional secure methods such as two-factor authentication (2FA). RDP remote access can be moved behind SSO to mitigate the user login vulnerability outlined above. (Cloudflare Access, for example, enables businesses to do so.)
Password management and enforcement
Moving RDP behind SSO may not be an option for some businesses. At the very least, they should require staff to set strong, unique passwords on the accounts that RDP accepts, and pair that with an account lockout threshold so that online guessing is throttled rather than unlimited.
To guard against port-based attacks, implement the following measures:
Secure tunnelling software can prevent attackers from reaching port 3389 directly: the host opens an outbound connection to the tunnel service and accepts RDP sessions only through it, so nothing is listening on 3389 from the internet’s point of view. Any connection attempt that does not arrive via the tunnel (e.g. Cloudflare Argo Tunnel, since renamed Cloudflare Tunnel) is blocked.
It may be possible to manually configure a corporate firewall to allow traffic to port 3389 only from allowlisted IP address ranges (e.g. the addresses known to belong to employees or the company VPN). However, this solution requires a significant amount of manual effort and is still vulnerable to attack if an allowlisted IP address is hijacked or an employee device is compromised. Furthermore, it is often difficult to identify and allowlist all staff devices in advance, leading to ongoing IT requests from locked-out workers.
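For a business that cannot put RDP behind SSO or a tunnel, the host-level equivalent of the measures above (stronger authentication, lockout, and an allowlist on port 3389) can be applied with Windows Firewall and a few settings. The following PowerShell is an added example and not code from the original post; the address ranges are placeholders for a company’s VPN and office egress, and the lockout values are illustrative, not a recommendation from the text.

```powershell
# Added example (not from the original post): restrict RDP on a Windows host to an
# allowlist of source ranges, require Network Level Authentication, and throttle
# guessing with account lockout. Run from an elevated PowerShell prompt.
# The ranges below are placeholders; substitute your own VPN/office ranges.

$allowedSources = @('10.0.0.0/8', '203.0.113.0/24')   # assumed corporate VPN and office egress

# 1. Require NLA: the client must authenticate before a session is created, so
#    scanners hitting 3389 never reach the Windows logon screen.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name 'UserAuthentication' -Value 1 -Type DWord

# 2. Replace the built-in "allow from anywhere" Remote Desktop rules (TCP and UDP)
#    with a single rule that only accepts the allowlisted sources.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP (allowlisted sources only)' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $allowedSources -Action Allow

# 3. Throttle online guessing even from allowed sources: lock the account after
#    10 failures within 15 minutes, for 15 minutes. On a domain-joined machine the
#    domain policy takes precedence over this local setting.
net accounts /lockoutthreshold:10 /lockoutduration:15 /lockoutwindow:15

# 4. Verify: every enabled inbound rule that opens 3389 should carry the allowlist,
#    not 'Any'.
Get-NetFirewallRule -Enabled True -Direction Inbound |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -eq 3389 } |
    ForEach-Object {
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Sources = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
        }
    }
```

The verification step is the part worth keeping in a scheduled check: a rule listing `Any` as its source on port 3389 means the allowlist has been bypassed, typically by re-enabling the default group through a GUI. As the text notes, the allowlist only narrows who can try; the NLA and lockout settings are what limit what an attacker coming from an allowed (or hijacked) address can do.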