The Remote Desktop Protocol (RDP) is a proprietary network protocol from Microsoft. RDP enables a person to control a computer’s resources and data over the Internet. This protocol enables complete control over the desktop of a remote machine by transmitting inputs such as mouse movements and keystrokes and by returning a graphical user interface.
In order for a remote desktop connection to be established, the local and remote computers must authenticate themselves with a user name and password. Cyber actors can infiltrate the connection between the machines and inject malware or ransomware into the remote system. Attacks using the RDP protocol do not require user input, making intrusions difficult to detect.
Deactivation Of RDP Access On Computers
According to a public warning, remote administration tools such as RDP have been on the upswing for 3 years, especially since RDP access data has been offered on the Darknet. Cyber criminals have developed methods to identify and use vulnerable RDP sessions over the Internet. This lets them access identities, steal credentials and remove other sensitive information. The Department of Homeland Security recommends that companies and individuals check what remote access their networks allow and what it makes possible, and then take measures to reduce the likelihood of compromise. This includes deactivating RDP access on computers where it is not required.
Recommendations For Protection
The use of RDP poses risks because it enables a system to be completely remote controlled. Therefore, RDP usage should be closely regulated, monitored and controlled. Experts recommend implementing the following best practices for protection against RDP-based attacks:
Check your network for systems that use RDP for remote communication. Disable the service when you don’t need it or install available patches. Verify that all cloud-based instances of virtual machines with a public IP have no open RDP ports, unless there is a valid business reason.
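One way to automate the cloud check described above, as an added example that is not part of the original article. It assumes an inventory shaped like AWS EC2 describe-instances and describe-security-groups JSON; the group and instance names, the addresses and the list of internal ranges are constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389
# Assumption: these ranges are internal; any other source counts as Internet-facing.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_external(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def covers_rdp(rule):
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    return proto in ("tcp", "udp") and rule.get("FromPort", 0) <= RDP_PORT <= rule.get("ToPort", 65535)

def exposed_sources(group):
    # External source ranges that this group lets reach the RDP port.
    found = []
    for rule in filter(covers_rdp, group.get("IpPermissions", [])):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        found += [c for c in cidrs if is_external(c)]
    return found

def audit(instances, groups):
    # Instance id -> external ranges allowed to reach RDP; VMs without a public IP are skipped.
    by_id = {g["GroupId"]: g for g in groups}
    findings = {}
    for inst in (i for i in instances if i.get("PublicIpAddress")):
        srcs = {s for ref in inst["SecurityGroups"]
                for s in exposed_sources(by_id.get(ref["GroupId"], {}))}
        if srcs:
            findings[inst["InstanceId"]] = sorted(srcs)
    return findings

# Helpers that build the constructed sample inventory below (not real data).
def sg(gid, lo, hi, v4=(), v6=()):
    return {"GroupId": gid, "IpPermissions": [{"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in v4], "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}]}
def vm(iid, ip, *gids):
    return {"InstanceId": iid, "PublicIpAddress": ip, "SecurityGroups": [{"GroupId": g} for g in gids]}

GROUPS = [sg("sg-open", 3389, 3389, ["0.0.0.0/0"]), sg("sg-range", 3000, 4000, v6=["::/0"]),
          sg("sg-lan", 3389, 3389, ["10.20.0.0/16"])]
INSTANCES = [vm("vm-jump", "198.51.100.11", "sg-open"), vm("vm-app", "198.51.100.12", "sg-range", "sg-lan"),
             vm("vm-lan", "198.51.100.13", "sg-lan"), vm("vm-private", None, "sg-open")]

if __name__ == "__main__":
    print(audit(INSTANCES, GROUPS))
```

Each finding is a machine with a public IP whose rules admit RDP from outside the internal ranges, including port ranges that merely contain 3389; every entry needs either a documented business reason or a rule change.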