THE COMPUTER HEALER L.L.C, OKEMOS, LANSING, MICHIGAN

What is RDP (REMOTE DESKTOP)

7/17/2020

What is RDP?
RDP, or the Remote Desktop Protocol, is one of the main protocols used for remote desktop sessions, which is when employees access their office desktop computers from another device. RDP is included with most Windows operating systems and can be used with Macs as well. Many companies rely on RDP to allow their employees to work from home.

What are the main RDP security vulnerabilities?
A vulnerability is a gap or an error in the way a piece of software is constructed that allows attackers to gain unauthorized access. Think of an improperly installed deadbolt on the front door of a house that allows criminals to break in.
These are the most important vulnerabilities in RDP:
  1. Weak user sign-in credentials. Most desktop computers are protected by a password, and users can typically make this password whatever they want. The problem is that the same password is often used for RDP remote logins as well. Companies do not typically manage these passwords to ensure their strength, and they often leave these remote connections open to brute force or credential stuffing attacks.
  2. Unrestricted port access. RDP connections almost always take place at port 3389*. Attackers can assume that this is the port in use and target it to carry out man-in-the-middle attacks, among others.
*In networking, a port is a logical, software-based location that is designated for certain types of connections. Assigning different processes to different ports helps computers keep track of those processes. As an example, HTTP traffic always goes to port 80, while HTTPS traffic goes to port 443.

What are a few ways to address these RDP vulnerabilities?
To reduce the prevalence of weak sign-in credentials:
Single sign-on (SSO): Many companies already use SSO services to manage user logins for various applications. SSO gives companies an easier way to enforce strong password usage and to implement even more secure measures like two-factor authentication (2FA). It is possible to move RDP remote access behind SSO in order to shore up the user login vulnerability described above.
Password management and enforcement: For some companies, moving RDP behind SSO may not be an option. At the bare minimum, they should require employees to reset their desktop passwords to something stronger.
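Whether weak passwords are actually being probed shows up in failed sign-ins. The following is an added example, not code from this blog: it groups failed-logon records by source address and separates brute force (many failures from one source) from credential stuffing (one source trying many accounts). The function name, thresholds and sample records are assumptions made for illustration.

```powershell
# Constructed sample records shaped like failed-logon events (Security log, event ID 4625).
# IpAddress and TargetUserName are the names of that event's data fields.
$sample = @(
    1..12 | ForEach-Object {
        [pscustomobject]@{
            Time           = ([datetime]'2020-07-17T02:00:00').AddSeconds($_ * 5)
            IpAddress      = '203.0.113.7'
            TargetUserName = 'administrator'
        }
    }
    'alice', 'bob', 'carol', 'dave', 'erin', 'frank' | ForEach-Object {
        [pscustomobject]@{
            Time           = [datetime]'2020-07-17T02:05:00'
            IpAddress      = '198.51.100.23'
            TargetUserName = $_
        }
    }
    [pscustomobject]@{ Time = [datetime]'2020-07-17T09:01:00'; IpAddress = '192.0.2.15'; TargetUserName = 'jsmith' }
)

# Hypothetical helper: flags sources whose failures look like password guessing.
function Find-RdpPasswordGuessing {
    param(
        [Parameter(Mandatory)] [object[]] $FailedLogon,
        [int] $MinFailures = 10,    # one source, many failures: brute force
        [int] $MinAccounts = 5,     # one source, many accounts: credential stuffing
        [int] $WindowMinutes = 10
    )
    foreach ($src in ($FailedLogon | Group-Object IpAddress)) {
        $ordered = @($src.Group | Sort-Object Time)
        # Simplification: count only failures in the window opened by the first one
        $end = $ordered[0].Time.AddMinutes($WindowMinutes)
        $burst = @($ordered | Where-Object { $_.Time -le $end })
        $accounts = @($burst.TargetUserName | Sort-Object -Unique)
        $pattern = $null
        if ($accounts.Count -ge $MinAccounts) { $pattern = 'credential stuffing' }
        elseif ($burst.Count -ge $MinFailures) { $pattern = 'brute force' }
        if ($pattern) {
            [pscustomobject]@{ Source = $src.Name; Failures = $burst.Count
                               Accounts = $accounts.Count; Pattern = $pattern }
        }
    }
}

Find-RdpPasswordGuessing -FailedLogon $sample | Format-Table
```

On a live host the input comes from `Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 }`, with each event's data fields mapped to the three properties used here.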
To protect against port-based attacks:
Lock down port 3389: Secure tunneling software can help stop attackers from sending requests that reach port 3389. With a secure tunnel in place, any requests that do not pass through the tunnel will be blocked.
Firewall rules: It may be possible to manually configure a corporate firewall so that no traffic to port 3389 can come through, except traffic from whitelisted IP address ranges (e.g. the devices known to belong to employees). However, this method takes a lot of manual effort, and is still vulnerable to attack if attackers hijack a whitelisted IP address or employee devices are compromised. In addition, it is typically very difficult to identify and whitelist all employee devices in advance, resulting in continual IT requests from blocked employees.

What other vulnerabilities does RDP have?
RDP has other vulnerabilities that have technically been patched, but which are still severe if left unchecked.
One of the most severe vulnerabilities in RDP is called "BlueKeep." BlueKeep (officially classified as CVE-2019-0708) is a vulnerability that allows attackers to execute any code they want on a computer if they send a specially crafted request to the right port (usually 3389). BlueKeep is wormable, which means it can spread to all computers within a network without any actions from users.
The best defense against this vulnerability is to disable RDP unless it is needed. Blocking port 3389 using a firewall can also help. Finally, Microsoft issued a patch that corrects this vulnerability in 2019, and it is essential that system administrators install this patch.
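The two host-level measures described above (turning RDP off where it is not needed, and limiting the RDP port to allowlisted addresses) can be applied with Windows' built-in firewall cmdlets. This is an added example, not this blog's own script; the function name `Protect-RdpHost` is hypothetical, the address ranges are placeholders, and it assumes the English name of the built-in "Remote Desktop" rule group.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows host.
# The default $AllowedRanges are placeholder documentation addresses.
# 'Remote Desktop' is the English display name of the built-in rule group.
function Protect-RdpHost {
    param(
        [string[]] $AllowedRanges = @('192.0.2.0/24', '198.51.100.10'),
        [switch] $DisableRdp,   # host does not need RDP: switch it off
        [switch] $Restrict      # host needs RDP: limit who can reach the port
    )
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $enabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
    $port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

    # Enabled inbound rules that let RDP traffic through Windows Firewall
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })

    # Audit: which rules accept connections from any remote address?
    $audit = foreach ($rule in $rules) {
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            RemoteAddress = $remote -join ', '
            OpenToAny     = $remote -contains 'Any'
        }
    }

    if ($DisableRdp) {
        Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
        $rules | Disable-NetFirewallRule
    }
    elseif ($Restrict) {
        # Only the allowlisted ranges may reach the RDP port from now on
        $rules | Set-NetFirewallRule -RemoteAddress $AllowedRanges
    }

    [pscustomobject]@{ RdpWasEnabled = $enabled; Port = $port; RulesBefore = $audit }
}

Protect-RdpHost                                   # audit only, changes nothing
# Protect-RdpHost -Restrict -AllowedRanges '192.0.2.0/24'
# Protect-RdpHost -DisableRdp
```

Run it without switches first: any rule reported with `OpenToAny` set to True accepts RDP connections from every address the network lets through.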
Like any other program or protocol, RDP has several other vulnerabilities as well, and most of these can be eliminated by always using a VPN to reach the network, with the maximum number of password layers.