
Beware of New Dangerous RDP Exploits


Implementing RDP can be a challenge – here are a few steps you can take to secure its use

The often-exploited Remote Desktop Protocol (RDP) is in the news again. This time, it has a new attack vector that researchers found and that Microsoft subsequently patched earlier this month. Given that all versions of Windows from the past 10 years (both desktops and servers) need to be patched, you should put this on your priority list, especially since this new problem is so easy to exploit.

RDP plays an important role in today's connectivity. It is often used as a way to provide remote access so that users don't need to be physically present at their computer or server. However, this utility has brought a dark past to the protocol and has made RDP a security hole. One of the most notorious attacks is BlueKeep, which happened in 2019. This is a full-blown remote execution vulnerability that triggered an NSA warning for quick patching.

As a side note, the response to BlueKeep included help from Marcus Hutchins, who found how to block the WannaCry outbreak back in 2017. We also wrote about how RDP has become a more common way for ransomware attacks to be launched, and it can also be used to launch denial-of-service attacks.

In the latest version of the RDP exploit, hackers can access data files using a man-in-the-middle attack on a Windows feature called named pipes. This feature was created over 30 years ago to provide application-to-application communication, and it can connect processes on the same computer or across a network.

RDP needs to be implemented carefully, as the protocol itself does not have any inherent security features (much like the Domain Name System or email protocols). In fact, you might say it has inherent insecurities, including:

  • A well-known TCP/IP port (3389): easily tracked by hackers.
  • Weak login credentials: If the user's Windows login is weak, hackers can use credential stuffing or a brute-force attack to break this password.
  • Many ways to take advantage of remote connections: The latest issue (named pipes) is just one of the many ways an attacker can worm their way into your system. They can bring up the Display Options or Help menus when connecting to the remote gateway for the first time, both of which can allow file directory browsing or bypassing file execution block lists.

All of these create challenges for the implementation of RDP. Here are a few steps you can take to make it safe to use:

1. Disable RDP when not needed. You should try this once you have patched everything, as Microsoft recommends.

2. Use better passwords, especially on your local Windows device. Use a password manager and single sign-on tools. No doubt you've heard this advice before, but it's still key!

3. Lock down port 3389 via your network firewall or other security tools. This can be tricky because many users may need remote access, and all it takes to launch an RDP attack is to compromise a single desktop.

4. Invest in better antivirus software. Remote Access Shield in Avast Advanced Security can prevent RDP exploits.

5. Create more effective Active Directory group policies that block and allow the remote running of specific applications and remote help options. Also, be sure to audit who has administrative rights to ensure the absolute minimum number of people have access.
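To check where a given Windows host stands on steps 1, 3 and 5, the read-only audit below can be run in an elevated PowerShell session. It is an added example, not part of the original post; the function name `Get-RdpExposureReport` is hypothetical, and it assumes an English-language Windows install where the built-in firewall rule group is displayed as "Remote Desktop".

```powershell
# Added example: read-only audit of the local RDP posture (steps 1, 3 and 5 above).
# Assumption: the firewall display group is named 'Remote Desktop' (English Windows).
function Get-RdpExposureReport {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcpKey = "$tsKey\WinStations\RDP-Tcp"

    # Step 1: fDenyTSConnections = 1 means RDP is disabled, 0 means it accepts connections.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # Listener port: 3389 unless it has been changed on this host.
    $port = (Get-ItemProperty -Path $tcpKey -Name PortNumber).PortNumber

    # Step 3: enabled inbound allow rules in the Remote Desktop group, with the
    # source addresses each rule accepts ('Any' means every source is allowed).
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = ($addr -join ',')
            }
        }

    # Step 5: who can log on over RDP. Well-known SIDs are used so that the lookup
    # does not depend on localized group names.
    $groups = @{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-32-555' = 'Remote Desktop Users' }
    $members = foreach ($sid in $groups.Keys) {
        Get-LocalGroupMember -SID $sid -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Group'; e = { $groups[$sid] } }, Name, ObjectClass, PrincipalSource
    }

    [pscustomobject]@{
        RdpEnabled      = ($deny -eq 0)
        ListenPort      = $port
        OpenToAnySource = (@($rules | Where-Object { $_.RemoteAddress -eq 'Any' }).Count -gt 0)
        FirewallRules   = $rules
        RdpLogonMembers = $members
    }
}

Get-RdpExposureReport | Format-List
```

A host that reports `RdpEnabled = True` together with `OpenToAnySource = True` is the case steps 1 and 3 are meant to eliminate; the `RdpLogonMembers` list is the starting point for the rights audit in step 5.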
