Managing RDP Security Risks to Block Ransomware Attacks
Remote working is becoming widespread for social and economic reasons, and one of the key enablers is the Remote Desktop Protocol (RDP). However, RDP is one of the most popular initial cyber-attack vectors, which is all too often overlooked. This leadership brief details the security risks associated with RDP and provides recommendations for reducing the likelihood of attackers exploiting this legitimate network admin tool to carry out malicious activities undetected.
1 Executive Summary
The digitization of enterprises in the pursuit of cost savings and efficiencies has led to an increase in the ability to access business-critical operational and information technology systems remotely, enabling further savings and efficiency gains. But remote access has also opened the door to cyber attackers, and represents a significant risk that many organizations are still failing to address.
One of the key enablers of remote access is the Remote Desktop Protocol (RDP) originally developed by Microsoft to enable network administrators and support technicians to maintain, diagnose, and fix problems remotely, while employees can access their work computers without leaving home or while travelling on business anywhere in the world.
RDP enables users to connect to another computer in a remote location via a graphical interface to control a remote desktop session and delete or copy text between applications running on the guest and host machine. This is extremely useful for remote working and troubleshooting, which is driving the extensive use of RDP in Operational Technology (OT) networks as well as IT networks. It is much more cost effective to maintain OT systems remotely than to keep a dedicated team at each site or sending technicians to work on site.
Consequently, RDP is one of the most widely used remote access protocols, but it should be noted that alternatives do exist to meet a range of specific needs.
Growing use of remote access to IT systems
Remote access by employees was gaining momentum with each improvement in IT and OT systems that provided additional support, but the Covid-19 pandemic accelerated this trend. As a result, an unprecedented number of people are working from home, and many appear to be set to continue doing so.
Not only does remote working cut commuting time and cost, and enable a better work-life balance, but it means organizations can hire the best available talent wherever they may live, and that people can pursue job opportunities without having to relocate.
Remote working is now increasingly common, with RDP clients available for most versions of Windows, macOS, Linux, Google Android, and Apple iOS, providing connections between clients, servers, and virtual machines.
Many organizations failing to address RDP security risks
While RDP potentially provides an impressive array of security capabilities, including smart card authentication, 128-bit encryption for data, and TLS security, not all RDP clients support these features under all circumstances. In addition, many organizations are failing to address known RDP vulnerabilities, with many patches not applied three or more years after their release.
When used in accordance with best practices, RDP can be extremely beneficial because it not only allows employees at companies with legacy on-prem IT infrastructure to work remotely, but it also means data can be securely stored and encrypted using cloud servers, and it provides a simpler and easier alternative to using Virtual Private Network (VPN) connections.
Follow RDP best practices to ensure security
However, as already mentioned, all RDP clients are not created equal and failure to follow best practices has the potential to enable cyber attackers to exploit RDP vulnerabilities to hash attacks, computer worms and other malware, brute force attacks and man-in-the-middle (MitM) attacks. Unless adequately secured, RDP can become a gateway for attackers to get a foothold in a target network, escalate privileges, access and steal sensitive information, and install ransomware and other malware.
This leadership brief offers an overview of the risk posed by RDP connections to help organizations to understand the true scale and nature of that risk, and provides recommendations for organizations to follow that will help to mitigate that risk and enable them to reap the benefits of remote working without compromising security.
Full article is available for registered users with free trial access or paid subscription.
Register and read on!
Sign up for the Professional or Specialist Subscription Packages to access the entire body of the KuppingerCole research library consisting of 700+ articles.