Securing your Remote Desktop Protocol (RDP)
If you have ever needed to remotely access employees’ computers, you have likely used Microsoft’s Remote Desktop Protocol (RDP). However, have you taken the necessary steps to ensure that no one else can access the data while you are working on the laptop? RDP has a number of vulnerabilities that can be exposed when it is connected to the internet. Canda is here to explain everything you need to know about using and securing RDP to increase your cybersecurity and prevent any potential cyberattacks and data leaks!
RDP might seem like the simplest and most accessible way to work on other employees’ computers remotely. During COVID and lockdowns, many organisational members have had to work from home, with their usual devices set up on their personal internet connection. This already poses several cybersecurity risks; however, they also often need external help from their IT professionals to set up a device, sort out connection issues, and access internal documents. Organisations have increasingly used RDP in recent times, which means that many hackers and cybercriminals have targeted it. RDP is one of the most common vectors leading to ransomware attacks and therefore needs to be handled with care. The following tips will help ensure that you protect organisational networks while working on them remotely!
Securing your RDP
• Do you need to use an RDP server?
Using RDP may be the simplest and quickest way to access a computer remotely, but it may not even be needed. If you are accessing applications, you could make these available directly over a VPN connection. Another option is to purchase a remote control product. Both of these are more secure than an RDP server. Before using RDP, make sure that the need for it is really warranted and that other, more secure methods are not feasible.
• Harden the RDP Server
Ensure that both the Server and Client devices are appropriately locked down, with known users, appropriate passwords and endpoint security controls and policies.
Make sure that the RDP server has multi-factor authentication (MFA) enabled and that access is locked down to specific, IP-address-restricted locations, with Network Level Authentication (NLA) in use. Ensure that devices (printers, USB, etc.) cannot be redirected to the server.
Patch the server regularly and enable only the required ports and services for use. Ensure appropriate lockout controls are configured and that no passwords or sensitive data can be stored on the server.
• Use site-to-site VPN if using an IT service provider
If your organisation uses an IT service provider to remotely access devices, you should use a site-to-site VPN, which means that multi-factor authentication can be configured on each application and system that is accessed over the VPN. This ensures that all networks are protected, and the necessary steps are taken to eliminate unwanted access.
• Ensure that all access is logged and monitored
Securely log all server activity to a central logging facility. Monitor the logs for nefarious activity and verify that only authorised access is taking place via RDP.
• Ensure RDP is not directly exposed to the internet
Employ a security gateway and firewall so that boundary security is in place and effectively protecting your network. Hackers are constantly searching for internet-facing RDP servers, as they are a relatively simple way to access organisational data. Try to always be on the internal network or use a VPN, as mentioned above.
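To illustrate the logging and monitoring tip above, here is an added example (not part of the original article) that reviews Windows Security-log logon events, IDs 4624 and 4625, once they have been collected centrally. The dictionary field names, the allowlisted range, the thresholds and the sample events are all assumptions constructed for this sketch.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

RDP_SUCCESS_TYPES = {10}     # 4624 LogonType 10 = RemoteInteractive (RDP)
RDP_FAILURE_TYPES = {3, 10}  # with NLA, failed attempts are usually logged as type 3

def review_rdp_logons(events, allowed_nets, max_failures=5, window=timedelta(minutes=10)):
    """Return (time, kind, src_ip, user) findings from Security-log logon events."""
    nets = [ip_network(n) for n in allowed_nets]
    recent = defaultdict(deque)   # src_ip -> times of recent failed logons
    bursting = set()              # sources that crossed the threshold (kept for the whole run)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        src, when = ev["src_ip"], ev["time"]
        if ev["event_id"] == 4625 and ev["logon_type"] in RDP_FAILURE_TYPES:
            q = recent[src]
            q.append(when)
            while when - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= max_failures and src not in bursting:
                bursting.add(src)
                findings.append((when, "failed-logon-burst", src, ev["user"]))
        elif ev["event_id"] == 4624 and ev["logon_type"] in RDP_SUCCESS_TYPES:
            if not any(ip_address(src) in n for n in nets):
                findings.append((when, "logon-from-unapproved-source", src, ev["user"]))
            if src in bursting:
                findings.append((when, "success-after-failed-burst", src, ev["user"]))
    return findings

def _ev(ts, event_id, logon_type, user, src_ip):
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "user": user, "src_ip": src_ip}

# Constructed sample events (documentation address ranges, made-up accounts).
SAMPLE_EVENTS = (
    [_ev("2024-01-08T09:00:00", 4624, 10, "it-admin", "192.0.2.10")]
    + [_ev(f"2024-01-08T02:1{i}:00", 4625, 3, "administrator", "203.0.113.77") for i in range(6)]
    + [_ev("2024-01-08T02:17:00", 4624, 10, "administrator", "203.0.113.77"),
       _ev("2024-01-08T11:30:00", 4624, 2, "reception", "127.0.0.1")]
)
ALLOWED = ["192.0.2.0/24"]   # assumed VPN / office range

if __name__ == "__main__":
    for when, kind, src, user in review_rdp_logons(SAMPLE_EVENTS, ALLOWED):
        print(when.isoformat(), kind, src, user)
```

A successful RDP logon that follows a burst of failures from the same source is the finding to escalate first, since it suggests a guessed password rather than noise.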
Get help from Canda
If your organisation regularly uses RDP and you want to ensure that you aren’t exposed to cyber attacks, follow our above-mentioned tips. Get in touch with us if you have any further questions, and make sure that your company is as protected as possible! We will offer our cybersecurity expertise and provide additional ways in which you can prevent ransomware attacks and data leaks.