Remote Desktop poses an interesting dichotomy to businesses. On one hand, it provides a simple way to maximize office efficiency. It can boost profit margins and save money with a simple investment in the right technology. It can boost employee productivity and allow a company to easily manage and access data.
However, Remote Desktop access is also used by fraudsters to steal and profit from data. In an era where mega-retailers and other organizations suffer data breaches regularly, it is worth evaluating how safe Remote Desktop really is and how it can be secured.
Many businesses use remote desktop to grant remote employees access to the network. But it also opens organizations up to being targeted and hacked.
Risks Associated with Remote Desktop: How Do Cybercriminals Exploit RD?
Criminals understand the type of sensitive data that a business possesses and how to remotely access it. They have spent years developing tools specifically for the task of seeking out remote access points on the internet. Once they discover a potentially vulnerable target, criminals can access sensitive data, hijack login credentials, steal identities, and potentially deploy ransomware. In some cases, criminals may choose to simply sell access via remote desktop credentials.
When a business is targeted, overcoming password protection is fairly simple. This single-factor authentication method is the only thing standing between cybercriminals and sensitive data. All it takes is guessing a password, and bad actors can use computing power to speed that up. With just one factor to defeat, the hacker has unlimited attempts to guess a user’s password. As a business grows and adds more accounts, older unused accounts present a larger attack surface. What’s more, hackers can use compromised or stolen credentials from previous breaches to streamline their attacks.
Here are a few risks associated with remote desktops:
RDS Exposed on the Internet
By default, only administrator-level users can log into RDS; however, in some cases, untrusted users on the internet may attempt connections if RDS is exposed to the internet. This opens the service up to brute force attacks.
Man-in-the-Middle Attacks (MITM)
Remote Desktop encrypts data between client and server but does not authenticate or verify the identity of the Terminal Server, leaving communications open to interception by malicious actors. If a bad actor is able to insert themselves into the connection between client and Terminal Server via ARP (Address Resolution Protocol) spoofing or DNS (Domain Name System) spoofing, a MITM attack may result.
In an environment using mixed or earlier-version clients, it should be noted that the encryption setting is typically “Client Compatible.” This could default to weak encryption, allowing for easier decryption of sensitive information.
Denial of Service (Network Level Authentication)
Some Terminal Servers do not have Network Level Authentication (NLA) configured, leaving a gap in their defense against Denial of Service attacks. Without forcing a client computer to provide user credentials for authentication before the server creates a session for that user, malicious users can make repeated connections to the service, preventing legitimate users from using it.
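The brute-force and repeated-connection risks above both show up in the Security log as bursts of failed logons from one source. The PowerShell below is an added example, not part of the original article: it runs a sliding-window count over a constructed sample of Event ID 4625 fields (times, IPs and user names are made up) and flags a source that exceeds the threshold.

```powershell
# Constructed sample of Security log fields as exported from Event ID 4625
# (an account failed to log on). Times, IPs and user names are made up.
$failedLogons = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-01 02:00:01'; IpAddress = '203.0.113.7';   TargetUserName = 'administrator'; LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-01 02:00:03'; IpAddress = '203.0.113.7';   TargetUserName = 'admin';         LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-01 02:00:04'; IpAddress = '203.0.113.7';   TargetUserName = 'backup';        LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-01 02:00:06'; IpAddress = '203.0.113.7';   TargetUserName = 'sqlsvc';        LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-01 02:00:09'; IpAddress = '203.0.113.7';   TargetUserName = 'jsmith';        LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-01 09:15:00'; IpAddress = '198.51.100.20'; TargetUserName = 'jsmith';        LogonType = 10 }  # a real user mistyping
    [pscustomobject]@{ TimeCreated = [datetime]'2024-05-01 09:15:30'; IpAddress = '198.51.100.20'; TargetUserName = 'jsmith';        LogonType = 3  }
)

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $Threshold     = 5,    # failures from one source before alerting (assumed policy value)
        [int] $WindowMinutes = 10    # sliding window length (assumed policy value)
    )
    # Type 10 = RemoteInteractive (RDP). When NLA is enabled, failures are often
    # recorded as type 3 (network) instead, so both types are included.
    $Events | Where-Object { $_.LogonType -in 3, 10 } |
        Group-Object -Property IpAddress | ForEach-Object {
            $sorted = @($_.Group | Sort-Object -Property TimeCreated)
            for ($i = 0; $i -lt $sorted.Count; $i++) {
                $start    = $sorted[$i].TimeCreated
                $end      = $start.AddMinutes($WindowMinutes)
                $inWindow = @($sorted | Where-Object { $_.TimeCreated -ge $start -and $_.TimeCreated -le $end })
                if ($inWindow.Count -ge $Threshold) {
                    # Many distinct user names from one source within the window is the
                    # password-guessing pattern the article describes; one alert per source.
                    [pscustomobject]@{
                        SourceIp      = $_.Name
                        Failures      = $inWindow.Count
                        DistinctUsers = @($inWindow.TargetUserName | Sort-Object -Unique).Count
                        FirstSeen     = $start
                    }
                    break
                }
            }
        }
}

# With the sample above, only 203.0.113.7 is reported (5 failures, 5 user names, within 8 seconds).
Find-RdpBruteForce -Events $failedLogons | Format-Table -AutoSize
```

On a real server, build the input from `Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 }`, reading IpAddress, TargetUserName and LogonType out of each event's XML.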
How Likely Are These Attacks to Happen?
According to one cyber insurance company, 30 percent of its customers use Remote Desktop. That same company has identified more than 3 million IP addresses with Remote Desktop Protocol (RDP) available on the internet, with nearly one-third located in the U.S.
There is a broad risk area that makes it essential for companies to secure RDP. Some ways to do this include:
Limiting RDP Users
Businesses can limit who has login access as well as who can add or remove accounts from the user group. This should be monitored and restricted on a “need to know” basis.
Use a Virtual Private Network (VPN)
Using a VPN connection can add an extra layer of security to the system. A VPN requires that a connection is made to the secure private network before it is made to your server. That secure private network is encrypted and hosted outside of your server. Any connection attempts made from outside IP addresses will be rejected.
Use a Remote Desktop Gateway (RD Gateway)
RDP gateways remove remote user access to your system and replace it with a point-to-point remote desktop connection. This means users navigate to a login page requiring credentials where they can connect to the network via a firewall. When paired with a VPN, this enhances security even further.
The use of Transport Layer Security (TLS) authentication, high-level encryption, and Network Level Authentication is also highly recommended. While remote desktops can be highly beneficial to the efficiency of a business, they can also pose a big risk. Multifactor authentication is a must, but considering additional security measures can be beneficial, too. Ensuring the security of RDP can protect your information — and your bottom line.
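The settings just recommended (NLA, TLS, high encryption, a small set of permitted users, and no exposure to arbitrary addresses) can all be checked on a Windows host from the RDP-Tcp listener's registry values, the local "Remote Desktop Users" group and the built-in firewall rules. This audit script is an added example, not from the article or any vendor; the `$MaxRdpUsers` threshold is an assumed policy value, and it targets a standalone or member server (the local-group cmdlets are not available on a domain controller).

```powershell
# Documented values under the RDP-Tcp listener key:
#   UserAuthentication  1 = Network Level Authentication required
#   SecurityLayer       2 = TLS required  (0 = legacy RDP security, 1 = negotiate)
#   MinEncryptionLevel  3 = High, 4 = FIPS (1 = Low, 2 = "Client Compatible")
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-RdpHardening {
    param(
        [string] $ListenerKey = $listener,
        [int]    $MaxRdpUsers = 10    # assumed policy threshold for the Remote Desktop Users group
    )
    $cfg = Get-ItemProperty -Path $ListenerKey
    $checks = @(
        [pscustomobject]@{ Check = 'NLA required (UserAuthentication = 1)';        Value = $cfg.UserAuthentication; Pass = ($cfg.UserAuthentication -eq 1) }
        [pscustomobject]@{ Check = 'TLS security layer (SecurityLayer = 2)';       Value = $cfg.SecurityLayer;      Pass = ($cfg.SecurityLayer -eq 2) }
        [pscustomobject]@{ Check = 'High/FIPS encryption (MinEncryptionLevel >= 3)'; Value = $cfg.MinEncryptionLevel; Pass = ($cfg.MinEncryptionLevel -ge 3) }
    )
    # Limiting RDP users: members of the local group (Administrators are always permitted).
    $rdpUsers = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue)
    $checks += [pscustomobject]@{ Check = "Remote Desktop Users has <= $MaxRdpUsers members"; Value = $rdpUsers.Count; Pass = ($rdpUsers.Count -le $MaxRdpUsers) }
    # Exposure: an inbound Remote Desktop rule whose remote address scope is 'Any' accepts
    # connections from every network, including the internet if the host is reachable there.
    $scope = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
               Get-NetFirewallAddressFilter | Select-Object -ExpandProperty RemoteAddress -Unique)
    $checks += [pscustomobject]@{ Check = 'Inbound RDP rule scoped to known addresses (not Any)'; Value = ($scope -join ','); Pass = ($scope.Count -gt 0 -and $scope -notcontains 'Any') }
    $checks
}

# Remediation for the three listener settings; new connections pick them up
# (restart the TermService service or reboot to be certain).
function Set-RdpHardening {
    param([string] $ListenerKey = $listener)
    Set-ItemProperty -Path $ListenerKey -Name UserAuthentication -Value 1 -Type DWord
    Set-ItemProperty -Path $ListenerKey -Name SecurityLayer      -Value 2 -Type DWord
    Set-ItemProperty -Path $ListenerKey -Name MinEncryptionLevel -Value 3 -Type DWord
}

Test-RdpHardening | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; any row with `Pass = False` is a setting the article's recommendations say to change.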
About the Author: Jerry Vasquez
A self-professed pirate captain with two decades of leadership experience, Jerry Vasquez has led teams from 60+ cooks and chefs to 16 networking engineers to now Product Manager for Managed Hosting at Liquid Web.