Remote Desktop Protocol (RDP)

RDP (Remote Desktop Protocol) is a proprietary protocol developed by Microsoft that allows communication between a terminal and a Windows server when executing applications. It means that computers can be accessed remotely without being physically in front of them.

Remote access follows the client-server model. The computer you want to access is the server, and the devices that connect to it are the clients. By enabling this functionality, a port, commonly 3389, is “opened” on the server. Ports can be understood as the entry and exit routes of information to the Internet. If communication is not made on the correct port, it will be denied.

The operation of the protocol is as follows, the graphic information generated by the server is converted to its own RDP format and sent through the network to the client, who will interpret the information contained to reconstruct the image to be displayed on the screen. Regarding the introduction of orders by the user, what is pressed on the keyboard and the movements of the mouse will be redirected to the server. For better performance on slower networks, the protocol allows all information exchanged by client and server to be compressed.

This service has different types of applications: it is frequently used for remote access in the administration of computers, but it is also increasingly used in the management of terminal services or thin clients.

RDP is also one of the targets of cybercriminals, becoming a significant risk for organizations if they do not have sufficient security measures.

The first security aspect in any system is that all software is updated to the latest version available. Thus, public vulnerabilities cannot be used to attack the organization.

Using virtual private networks or VPN as a gateway between the RDP server and the user will minimize the risks of suffering a security incident. A VPN creates an encrypted connection between both devices, greatly increasing the privacy of communications.

Many of the attacks are carried out using generic user names such as Administrator, therefore it will be necessary to use user names that are not common. It is also common for attackers to try to use weak passwords, so a strong password will greatly reduce the possibility of unauthorized access.

Brute force attacks base their operation on testing possible user names and passwords until they gain access or decide to abandon the attack in search of another target. It is recommended to apply a security policy that, after several unsuccessful attempts, restricts user access for a certain time. The blocking time increases depending on the number of unsuccessful attempts, completely blocking the user.

A two-factor authentication system can also be used to access the remote desktop. In which, in addition to knowing the username and password, it will be mandatory to know the third piece of information, a code generated at the time. Preferably, specific applications would be used as a two-factor authentication mechanism instead of SMS messages, which may be more vulnerable to attacks.

Sometimes you can change the port used by default to connect by RDP (3389). This is known as security by obscurity.

Probably not all users in the organization should have access to the remote desktop, so it should be limited to those strictly necessary. In this way, the risk of a cybercriminal gaining access fraudulently is reduced. It is recommended to use NLA (Network Level Authentication), whereby users must authenticate on the network before attempting to access the RDP server. NLA adds a layer of security against possible attacks but in any case, you must keep the list of enabled accesses updated, without forgetting to supervise and monitor remote accesses. In that scenario Buy RDP to have the control.

In the firewall or firewall it is also recommended to create specific rules to restrict access to the remote desktop server. This filtering can be done by means of IP addresses, allowing only those associated with authorized computers to access.

Using a remote desktop system can be a great help when performing daily work functions, but it can also be a gateway for cybercriminals. Protecting your access by implementing security policies and measures will be vital to avoid being the victim of a security incident.