With a rise in employees working from home in recent years, there has also been an influx of cyber attacks on the very system that makes that possible.
Perhaps you’ve used Remote Desktop Protocol (RDP) for work or have had to resort to it when dealing with customer support. If either is the case, the first time you ever used it might have been something of a worry. Allowing a stranger full control of your computer via a desktop interface? Sure, that doesn’t sound sketchy at all.
However, it actually isn’t sketchy. Microsoft designed RDP to facilitate secure data transfer from one computer to another. In both theory and practice, RDP has shown itself to be one of the most integral technological inventions of the last couple of decades. This is most notably the case within the healthcare industry, whose existence relies on patient confidentiality.
Where hackers are concerned, though, the phrase “This is why we can’t have nice things” also comes to mind. The FBI reported recently that RDP attacks have become more and more frequent since 2016. These brute force attacks aim to collect data such as names, dates of birth, and insurance numbers, which the hackers then sell on the dark market.
But with more and more companies understandably turning to RDP to cover their workloads, this is a threat that has to be dealt with before it’s too late. That said, the solutions to securing our remote desktop servers are also in our hands.
The Many Uses of RDP
There are plenty of reasons why companies and individuals resort to RDP. For one, the ability to connect to and control one computer from another means that not every worker should have to go into the office. In the same vein, business travelers can stand to use it for that very same reason.
If you work for a company and are traveling for work, or want to work while on vacation, you’ll need access to your files. This is particularly so if those files are confidential. This is where RDP really stands out. Not only can you access your work computer from anywhere in the world, but you can do so from home, too.
Administrators also benefit heavily from RDP. Many large-scale technology companies use it to aid their customers with any problems they might be facing. Additionally, if you’re out of the office for one reason or another and the software or hardware fails, you can fix it from your own computer.
RDP is a helpful and convenient tool for businesses the world over.
So then where do the hackers come into it?
How Attackers Compromise RDP
Ransomware such as CrySIS, CryptON, and SamSam, among others, has been utilized and spread through RDP. Most of these attackers use what is known as the brute force method.
The problem with brute force is that attackers don’t necessarily have to be professional at what they do. On the contrary, brute force attacks are literally just trial-and-error.
Brute force is also, however, time- and resource-consuming. Its success relies on patience, perseverance, and volume rather than some magic algorithm. What this means for us is that we can take measures such as complex passwords to protect against it.
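Because brute force relies on volume, it shows up in the Windows Security log as a run of failed logons (event ID 4625) from one source address. The PowerShell below is an added example, not part of the original article; the function names, threshold, window and sample records are assumptions constructed for illustration.

```powershell
# Added example: flag sources with a burst of failed logons (Security event 4625).

function ConvertFrom-FailedLogonEvent {
    # Live use (assumes failed-logon auditing is enabled):
    #   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } |
    #       ConvertFrom-FailedLogonEvent
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $data = @{}
        ([xml]$Record.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time = $Record.TimeCreated
            Ip   = $data['IpAddress']
            User = $data['TargetUserName']
        }
    }
}

function Find-RdpBruteForce {
    param([object[]] $FailedLogon, [int] $Threshold = 5, [int] $WindowMinutes = 10)
    foreach ($group in ($FailedLogon | Group-Object Ip)) {
        $times = @($group.Group | Sort-Object Time | ForEach-Object { $_.Time })
        $start = 0; $worst = 0
        # Sliding window: largest number of failures within $WindowMinutes.
        for ($end = 0; $end -lt $times.Count; $end++) {
            while (($times[$end] - $times[$start]).TotalMinutes -gt $WindowMinutes) { $start++ }
            $worst = [Math]::Max($worst, $end - $start + 1)
        }
        if ($worst -ge $Threshold) {
            [pscustomobject]@{
                Ip                  = $group.Name
                MaxFailuresInWindow = $worst
                DistinctUsers       = @($group.Group.User | Sort-Object -Unique).Count
            }
        }
    }
}

# Constructed sample records (not real log data).
$t0 = [datetime]'2024-01-01T10:00:00'
$sample = @(
    0..7 | ForEach-Object {
        [pscustomobject]@{ Time = $t0.AddSeconds(20 * $_); Ip = '203.0.113.50'; User = 'administrator' }
    }
    [pscustomobject]@{ Time = $t0.AddMinutes(3);  Ip = '198.51.100.7'; User = 'alice' }
    [pscustomobject]@{ Time = $t0.AddMinutes(95); Ip = '198.51.100.7'; User = 'alice' }
)
Find-RdpBruteForce -FailedLogon $sample
```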
Securing Your Remote Desktop Server Against Brute Force
Brute force attacks usually begin with the attacker scanning a list of IP and TCP port ranges to find a port that’s open. This is the time-consuming part. Once the attacker has gained access, however they’ve done it, they can start to unleash malware chaos on your server.
That said, brute force attacks really do depend on the measures you have or haven’t taken in securing your desktop. By rectifying your mistakes, you can successfully keep attackers out.
Solutions
Whitelist Your IP Address
Whitelisting an IP is a simple way of preventing RDS attacks. However, it’s also simple enough that it won’t block every attacker who is trying to get in, as is the case with roaming users. Whitelisting your IP address restricts outsiders from gaining access. To do this, you need to set up inbound rules on your firewall and/or your RDP server. For example:
- Connect to your RDP server
- Open Windows Firewall with Advanced Security
- Click Inbound Rules
- Find and right-click the RDP Rule
- Go to Properties > Scope
Inside of the Scope tab is where you’ll create your IP restrictions.
- Under Remote IP address, check These IP addresses
- Click Add…
- Type your IP address in the top field
- Hit OK
Note: If you want to add an IP range instead, click This IP address range and input said range.
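The same scope restriction can be scripted. The PowerShell below is an added example, not part of the original article; it assumes the built-in rules in the "Remote Desktop" display group on English-language Windows, and the addresses shown are placeholders from documentation ranges.

```powershell
# Added example: apply the Scope > Remote IP address restriction from PowerShell.
# Run elevated on the RDP server. If you are connected over RDP from an address
# that is not in the list, the change will cut off your own session.

# Assumption: placeholder addresses (documentation ranges); replace with your own.
$AllowedRemote = @('203.0.113.10', '198.51.100.0/24')

# Validate every entry first so a typo never reaches the firewall.
foreach ($entry in $AllowedRemote) {
    $addr, $prefix = $entry -split '/', 2
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$parsed)) {
        throw "Not a valid IP address: $entry"
    }
    $maxPrefix = if ($parsed.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
    if ($null -ne $prefix -and ($prefix -notmatch '^\d+$' -or [int]$prefix -gt $maxPrefix)) {
        throw "Not a valid prefix length: $entry"
    }
}

# Assumption: the built-in rules sit in the "Remote Desktop" display group
# (the name on English-language Windows).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
if (-not $rules) { throw 'No enabled inbound Remote Desktop rules found.' }

function Show-RdpScope {
    # Print each rule with the remote addresses it currently accepts.
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallAddressFilter
        '{0}: {1}' -f $rule.DisplayName, ($filter.RemoteAddress -join ', ')
    }
}

'Scope before:'; Show-RdpScope
$rules | Set-NetFirewallRule -RemoteAddress $AllowedRemote
'Scope after:';  Show-RdpScope
```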
Deploy an RD Gateway
Remote Desktop Gateway servers give RDP users a more secure and encrypted connection. Having an RDG lets you share your network connection with other programs, enabling an ISP connection that steers off unwanted outsiders.
To do this, you first need to go to Server Manager within your RDP server.
- Go to Server Manager > Remote Desktop Services > Overview
- Under Deployment Overview, click on the green RD Gateway icon to install it
- Choose the server on which you want to install the role
- Enter your external FQDN (fully qualified domain name) in the SSL certificate name box
- Hit Next >
Once your RD Gateway is installed, you can configure certificates and properties. In properties, you can set up rules such as maximum simultaneous connections and further SSL bridging. This should leave your RDP network to your RDP team.
Multi-Factor Authentication
It’s likely you’ve heard of two-factor authentication already, even if you’re not a software professional. Companies like Apple, Google, and Amazon are all quickly adopting this forward-thinking way of ensuring the security of their users.
Multi-factor authentication can also be used in conjunction with the two methods above, tripling down on your high-security RDP forcefield for better protection. In short, MFA allows you to log in to your RDP and then authenticate that login by other means such as SMS, automated phone call, email or an app on your phone.
Once authenticated by your second device, you and only you can partake in that session.
Use a VPN
Installing a VPN helps administrators to limit unauthenticated users. With software like FortiClient, SSL and IPSec VPNs are used to provide a secure and reliable solution to attempted RDP attacks without the user needing to know the nitty-gritty on security and protection.
Once your remote desktop server is secure, you can continue to work from home or from the beach, if you want to.
It’s always better and cheaper to protect yourself and your company in advance.