Threat Of Using Remote Desktop

Accessing your servers’ or workstations’ desktops remotely is a great way to manage them. It’s also a huge target for hackers, moreover RDP and remote desktop port number is common!

Hacks on Remote Desktop Protocol (RDP) can be very bad.

In this context, although we will mainly say “RDP”, we mean all kinds of remote desktop and remote access software, including VNC, PC Anywhere, TeamViewer and so forth, not just Microsoft’s RDP. The good news is there are many defenses against RDP attacks, starting with turning it off. If you don’t really need remote access, the ‘off’ switch is the simplest.

If you do need to allow such access, there are a variety of ways to restrict it to the good guys:

First off, allow access only from internal IP addresses coming from your company’s VPN server. This has the added benefit of not exposing RDP connection ports to the public internet.

Speaking of exposing ports, if that’s your only choice, you may want to serve up RDP on a non-standard port number to avoid simplistic worms from attacking your network through its RDP ports. Keep in mind, though, that most network scanners check all ports for RDP activity, so this should be viewed as “security through obscurity”, since it provides practically no additional security against modestly sophisticated attackers. You will have to be extremely vigilant about reviewing network access and login activities in your RDP server logs, as it may be more a matter of when and not if an attacker accesses your network.Second, make sure to enable Multi-Factor Authentication (MFA) for remote users as another authentication layer, which we discussed in Work from home: Improve your security with MFA.

Third, whenever possible, only allow incoming RDP connections from your users’ public IP addresses. The easiest way for remote employees to look up their public IP address is to search Google for what is my IP address and the first result will be their IP address. Then your remote workers can provide that information to your IT/Security staff so that your company or organization can build a whitelist of allowed IP addresses. It is also possible to build a whitelist of allowable IPs by allowing their subnet, since dynamic home IP addresses would normally still fall within a subnet after a router reboot or other network maintenance on the client end.