With working from home being the new normal during the COVID-19 crisis, it is still important to secure Microsoft Remote Desktop Protocol (RDP) if your organisation uses it. Keep your RDP installation updated, protect it with a strong password, strongly consider enabling Network Level Authentication (NLA), place it behind a firewall or reach it only over a VPN, enable 2 factor authentication, and restrict access to only those who need it.
Late last month the online search engine Shodan published details of one of the changes in online activity it observed when lockdowns took effect in many countries around the world: the number of Remote Desktop Protocol (RDP) services exposed to the internet rose as more people sought to work from home while still accessing their companies' systems.
Other notable findings were:
- Shodan's operators also noticed that some organisations were attempting to hide exposed RDP services by running them on port 3388 rather than the default, well-known port 3389. This provides only a false sense of security: internet-wide scanners fingerprint a service by its protocol response, not by its port number, so moving the port will not stop a determined attacker from locating an exposed RDP service.
- 8% of the systems with RDP exposed across the world were still vulnerable to the critical, pre-authentication vulnerability known as BlueKeep (CVE-2019-0708, patched in May 2019). Others were vulnerable to DejaBlue (CVE-2019-1181 and CVE-2019-1182, patched along with other vulnerabilities in August 2019).
- Industrial Control Systems (ICS) were among the systems exposed on the internet.
How can I protect my organisation if they (or I) need to use RDP for remote access during the lockdown period?
Strongly consider increasing the strength of the password of every account allowed to log on over RDP to 12 characters or more. RDP authenticates with the Windows account password, so an exposed RDP service with a short or reused password is an open invitation to password guessing.
Keep your RDP installation up to date (see the BlueKeep and DejaBlue CVEs listed above for the necessary patches).
Strongly consider at least one of the following safeguards (2 or more recommended):
- Enable Network Level Authentication (NLA), so that a client must authenticate before the server creates a session. This also keeps unauthenticated attackers away from pre-authentication bugs such as BlueKeep on hosts that are not yet patched, which is why Microsoft listed NLA as a partial mitigation for it; it is not a substitute for the patch.
- Place a hardware or software firewall between your Remote Desktop Gateway server and the internet, and allow inbound RDP only from the addresses that need it.
- Set up RDP to be reachable only over a VPN, so that port 3389 is never exposed directly to the internet.
- Enable 2 factor authentication (also called multi-factor authentication); for RDP this usually means a paid commercial solution.
- Restrict RDP access to only those users who need it. On Windows this means the membership of the Remote Desktop Users group; note that members of the local Administrators group can also log on over RDP by default, so review that group too.
For ICS systems only, see also: Managing Remote Access Best Practices (PDF)
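As an added example, not part of the original post and not Microsoft's own guidance, the following PowerShell applies three of the safeguards above on the RDP host itself: it turns on NLA, scopes the Windows Firewall so that TCP/3389 is reachable only from a management (or VPN) subnet, prunes the Remote Desktop Users group down to one approved group, and adds an account lockout policy to slow password guessing. The subnet 10.0.5.0/24 and the group CORP\RDP-Users are assumed placeholders.

```powershell
# Added example (not from the original post): harden a Windows host that must offer RDP.
# Run as Administrator on the RDP host (Windows 8 / Server 2012 or later, for the
# NetSecurity and LocalAccounts cmdlets). Subnet and group names are assumptions.

$ManagementSubnet = '10.0.5.0/24'        # assumed: the only range allowed to reach RDP
$ApprovedRdpGroup = 'CORP\RDP-Users'     # assumed: the one group that should hold RDP rights

# 1. Require Network Level Authentication. With NLA on, the client must authenticate
#    (CredSSP) before the server builds a session, so an unauthenticated attacker never
#    reaches the code paths behind the logon screen. Takes effect for new connections.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpTcp -Name 'UserAuthentication' -Value 1 -Type DWord
# SecurityLayer: 2 = TLS only, 1 = negotiate, 0 = legacy RDP security. Require TLS.
Set-ItemProperty -Path $rdpTcp -Name 'SecurityLayer' -Value 2 -Type DWord

# 2. Firewall: disable the built-in "any source" Remote Desktop rules and allow
#    TCP/3389 only from the management subnet (for a VPN, put the VPN address pool here).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP - management subnet only' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $ManagementSubnet -Action Allow -Profile Any | Out-Null

# 3. Least privilege: Remote Desktop Users should contain only the approved group.
#    (Members of local Administrators can also log on over RDP; review that group too.)
Get-LocalGroupMember -Group 'Remote Desktop Users' |
    Where-Object { $_.Name -ne $ApprovedRdpGroup } |
    ForEach-Object {
        Write-Host "Removing $($_.Name) from Remote Desktop Users"
        Remove-LocalGroupMember -Group 'Remote Desktop Users' -Member $_.Name
    }
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $ApprovedRdpGroup -ErrorAction SilentlyContinue

# 4. Slow down password guessing against the accounts that remain: lock an account
#    for 15 minutes after 10 bad passwords (local policy; a domain GPO overrides this).
net accounts /lockoutthreshold:10 /lockoutduration:15 /lockoutwindow:15 | Out-Null

# 5. Read back the settings that matter so the result can be checked.
[pscustomobject]@{
    NLARequired    = (Get-ItemProperty $rdpTcp).UserAuthentication -eq 1
    TLSOnly        = (Get-ItemProperty $rdpTcp).SecurityLayer -eq 2
    RdpRuleSources = (Get-NetFirewallRule -DisplayName 'RDP - management subnet only' |
                          Get-NetFirewallAddressFilter).RemoteAddress
    RdpUsers       = (Get-LocalGroupMember -Group 'Remote Desktop Users').Name -join ', '
}
```

Run this from a console session or from an address inside the management subnet: step 2 will drop an RDP session that comes from anywhere else. The firewall rule only narrows who can reach the port; it does not replace patching, and on a host that is still unpatched for BlueKeep the NLA setting in step 1 is the more urgent line.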
Thank you and stay safe.