RDP Brute Force Attacks

BACKGROUND
    
Remote Desktop Protocol (RDP) is one way for employees to access corporate devices. Remote Desktop is a remote management tool that lets you connect to any computer and take over the desktop, as if you were sitting in front of it, only remotely. It is heavily used, especially during the current pandemic, by those who have moved to working from home. If poorly configured, it may be vulnerable to attacks.

IMPACT

  • RDP devices are exposed to the internet
  • RDP ports and services are being used as the initial attack vector in ransomware attacks
  • Brute-force attacks have been increasing
  • After successfully gaining credentials, attackers get full access to the corporate IT resources
  • Leakage of sensitive information
  • Spread of malware infection

 

RECOMMENDATIONS

  • Use strong and complex passwords on RDP servers
  • Use a corporate VPN when connecting remote devices
  • Use two-factor authentication where possible
  • Disable RDP port (3389) when not in use
  • Enable account lockout policies to block brute-force attacks after a number of failed login attempts
  • Enable account audit policies to see login errors
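
With failed-logon auditing enabled, Windows records each failure in the Security log as event 4625, and those records can be checked for brute-force patterns. The following Python script is an added example, not part of the original advisory: it flags source addresses with repeated remote failed logons inside a short window. The export column layout, the sample lines, the threshold and the window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: time,event_id,logon_type,source_ip,account
# (column layout is an assumption; addresses are documentation ranges)
SAMPLE_LOG = """\
2021-03-01T09:00:01,4625,10,203.0.113.7,administrator
2021-03-01T09:00:03,4625,10,203.0.113.7,admin
2021-03-01T09:00:05,4625,10,203.0.113.7,administrator
2021-03-01T09:00:08,4625,3,203.0.113.7,backup
2021-03-01T09:00:11,4625,3,203.0.113.7,administrator
2021-03-01T09:00:14,4625,10,203.0.113.7,admin
2021-03-01T09:02:00,4625,10,198.51.100.20,jsmith
2021-03-01T09:02:30,4625,10,198.51.100.20,jsmith
2021-03-01T09:03:00,4624,10,198.51.100.20,jsmith
2021-03-01T08:00:00,4625,2,192.0.2.50,kiosk
2021-03-01T10:00:00,4625,10,192.0.2.50,mlee
2021-03-01T12:00:00,4625,10,192.0.2.50,mlee
2021-03-01T14:00:00,4625,10,192.0.2.50,mlee
2021-03-01T16:00:00,4625,10,192.0.2.50,mlee
2021-03-01T18:00:00,4625,10,192.0.2.50,mlee
"""

FAILED_LOGON = 4625           # Windows Security log: "An account failed to log on"
REMOTE_LOGON_TYPES = {3, 10}  # 3 = network (RDP with NLA), 10 = RemoteInteractive

def parse(log_text):
    """Yield (time, event_id, logon_type, ip, account) tuples from the export."""
    for line in log_text.strip().splitlines():
        ts, eid, ltype, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def find_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=5)):
    """Map each source IP with >= threshold remote failed logons inside one
    sliding window to the set of accounts it tried."""
    recent = defaultdict(deque)   # ip -> (time, account) of failures in window
    flagged = {}
    for ts, eid, ltype, ip, user in sorted(parse(log_text)):
        if eid != FAILED_LOGON or ltype not in REMOTE_LOGON_TYPES:
            continue              # skip successes and local console logons
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(ip, set()).update(u for _, u in q)
    return flagged

if __name__ == "__main__":
    for ip, users in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: repeated failed RDP logons against {sorted(users)}")
```

A threshold that matches the account lockout setting keeps the alert and the lockout consistent; failures spread over many hours, as in the last sample source, stay below a short window and need a longer review period.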