The Remote Desktop Protocol (RDP) enables remote employees to use Microsoft Windows at an off-site location by accessing an RDP server. This helps hybrid and remote workforces maintain productivity no matter where they work.
The number of people using remote access has increased dramatically in recent years. Unfortunately, cybercriminals were ready to take advantage of that influx of remote users:
- RDP attacks increased 768% between Q1 and Q4 last year
- Kaspersky reported 377.5 million brute-force attacks targeting RDP in February 2021
- IT professionals report the biggest threats companies face with remote workforces are phishing attacks (71%) and malware (61%)
- ZDNet reported that nearly half of ransomware attacks start with a compromised RDP
- In 2020 there were 304 million ransomware attacks, a 62 percent YoY increase
A remote desktop connection is convenient, but unlike on-site workstations, it requires opening up and forwarding ports in the firewall and router to grant access, which removes a layer of protection.
Off-site work is here to stay, so we're taking a look at the major benefits of RDP access as well as RDP security measures you can take to mitigate vulnerabilities that hackers exploit.
Note: Microsoft Remote Desktop RDP clients are available for Windows, Android, iOS, and macOS operating systems.
Major Benefits of RDP
Access and Productivity — RDP connections allow employees all over the world to access desktop resources that they need, without having to be on-premises. This increases productivity, and helps prevent issues that might arise with remote work (e.g., insufficient computing power, file access). Beyond workstation access, RDP can be used to access a Windows Server, whether it's hosted on a server on-premises, or with a cloud provider.
Device Compatibility — People naturally have device and operating system preferences. Fortunately, remote desktop service eliminates configuration issues. The team can easily connect to the remote desktop with RDP clients and get to work.
Security — The cloud delivers by providing more robust security — especially if you take advantage of the options we explore below and craft a multi-layered security solution.
Administrative Access — Remote access networks have a less complex infrastructure that’s easier for administrators and employees to use. Administrative tasks (e.g., tune-ups, troubleshooting, ID security settings, software installation, printer setup, email setup, virus and spyware removal) can be handled no matter where the employee is.
Reduced Costs — Moving to the cloud usually reduces costs, and that’s the case with RDP. A cloud-based remote desktop setup provides more storage at less cost. It also streamlines day-to-day functions so IT can focus on more critical issues.
How to Secure RDP
So, what's the difference between RDP and Secure RDP? You create the latter by creating and enforcing a security policy. The following are individual elements that, combined, create a robust cybersecurity policy that helps prevent cyberattacks.
Strong Passwords: Successful brute-force attacks require little effort by cybercriminals; they just try username/password combinations until they get it right. Think of it like trying every key on a keychain until one matches the lock. Hackers have plenty of time on their hands and will try every key — or username/password combo — until they hit the jackpot. The stronger your passwords, the less effective this tactic will be.
Multi-Factor Authentication (MFA): Also known as two-factor authentication or 2FA, MFA requires users to verify their identity with credentials above and beyond the username and password. Common user account credentials include verification codes, PINs, fingerprints, and keys or cards that generate random codes (e.g., YubiKey). Two categories of credentials are used to reinforce security, and too many login attempts result in a lockout. Administrators can set lockout policies for the network they oversee.
Network Level Authentication (NLA): NLA delegates a user's credentials from the client through a client-side Security Support Provider, then prompts the user to authenticate before establishing a server session. This ensures the user connects to the correct server.
Firewall: Windows Firewall, built into Windows Server, protects Windows systems from network-based threats. It does this by controlling who has access to your system and what access is granted. Unless an alternate firewall is enabled, do not disable Windows Firewall.
Remote Desktop Gateway (RDG, RD Gateway): This Windows Server role enables a secure, encrypted server connection over RDP. To improve control, RDG removes remote user system access and replaces it with a point-to-point remote desktop session. RDGs can be configured to allow users to connect to internal network resources from external networks.
Terminal Services: The Terminal Services feature of Windows Server is now known as Remote Desktop Services. It allows users to remotely access apps and data. Terminal Services enhances security by allowing network administrators to restrict access from a single point and limit remote site data accessibility.
Virtual Private Network (VPN): VPNs are a critical, extra layer of RDP security. Any RDP network on the public internet is at risk. Isolate it behind the encryption and privacy of a VPN. OpenVPN Cloud, our next-gen VPN offering, conceals IP addresses and eliminates the need for VPN server installation.
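The NLA, firewall, and lockout measures described above can be checked on a host with a read-only audit such as the following. This is an added example, not code from the original article; it assumes an elevated PowerShell session, the built-in NetSecurity cmdlets, and English-language `net accounts` output.

```powershell
# Added example: read-only audit of the RDP hardening settings discussed above.
# Assumes an elevated session and English-language `net accounts` output.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'
$findings = [System.Collections.Generic.List[string]]::new()

# fDenyTSConnections = 0 means the host accepts RDP connections.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
if ($deny -ne 0) {
    Write-Output 'RDP is disabled on this host; nothing to audit.'
    return
}

# NLA: UserAuthentication = 1 requires authentication before a session is created.
$nla = (Get-ItemProperty -Path $rdp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
if ($nla -ne 1) { $findings.Add('NLA is not required (UserAuthentication is not 1).') }

# Listening port (3389 unless changed); used to find matching firewall rules.
$port = [string](Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber

# Firewall: enabled inbound allow rules on the RDP port with no remote-address scope.
# Rules that cover the port only through a range (e.g. "3000-4000") are not matched.
$rdpRules = Get-NetFirewallPortFilter -All |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains $port } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        $findings.Add("Firewall rule '$($rule.DisplayName)' allows RDP from any address.")
    }
}

# Lockout policy: "Never" means unlimited password guesses are allowed.
$line = net accounts | Select-String -Pattern '^Lockout threshold'
if ($line) {
    $threshold = ($line.Line -split ':', 2)[1].Trim()
    if ($threshold -eq 'Never') { $findings.Add('No account lockout threshold is set.') }
} else {
    $findings.Add('Could not read lockout threshold (non-English output?).')
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Group Policy can also set the NLA requirement under `HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services`, and a value there takes precedence over the one read here.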
Remote desktop access is a game changer for remote and hybrid workforces. It's imperative that an organization's network admins develop a multi-layered solution to secure remote access. The good news is that the prevalence of cloud computing, and advanced security solutions such as the next-gen OpenVPN tools, give network administrators a variety of options to secure remote desktops for off-site workers.