Security Measures You Need to Take When Using Remote Desktop
It seems there’s not a day that goes by that cybersecurity isn’t being threatened by the likes of criminals and other ill-intentioned folks. At such a pivotal moment, millions of workers everywhere are transitioning to remote work, many for the first time. Businesses worldwide are trying to develop solutions that are as affordable as possible while still generating the amount of work necessary to keep operations growing.
With so many new connections coming online, cybersecurity measures need to be as robust as ever. Since the beginning of the COVID-19 pandemic, Remote Desktop Protocol, or RDP, usage has dramatically increased. Curtis Dukes, CIS Executive Vice President & General Manager, Security Best Practices, said, “Remote environments have always been a desired target for attackers to conduct a cyber-attack, and COVID-19 has increased that attack surface.”
Minimizing RDP Vulnerabilities
1. Place RDP-enabled systems behind a Remote Desktop Gateway (RDG) or virtual private network (VPN)
This shuts off access to the remote desktop environment through a second (and sometimes third) layer of protection. Consider implementing 2FA in conjunction with the RDG or VPN for an even more secure barrier to entry.
2. Update and patch software that uses RDP
This will ensure that any vulnerabilities are successfully patched. Your IT team should be able to handle mass updating, and if not, make sure that when an update is posted, it’s communicated to employees how important it is to update.
3. Limit access to RDP by internet protocol (IP) and port
Port 3389, anyone? Feeding off of point number one, you never want to have access to your remote desktop environment available to the outside world.
4. Use complex, unique passwords for RDP-enabled accounts
Using longer and more complicated passwords is always harder for criminals to guess or attempt to brute force. Additionally, require that all passwords are changed fairly often. It’s also common practice that passwords cannot contain whole words. While remembering or writing down long passwords can be a pain for employees, the safety of the company’s data is much more painful to recover, guaranteed.
5. Implement a session lockout for RDP-enabled accounts
Session lockouts help prevent brute force attacks by disabling access after a certain number of failed login attempts. Be sure that access can only be restored by the IT team. When this event occurs, it’s a good idea to have them check the logs to see if an unknown IP was trying to gain access.
6. Disconnect idle RDP sessions
If a machine is infected, the criminal may not be so brazen as to immediately start attempting to attack or break-in. A compromised system can be surveilled until the right moment for cybercriminals to launch an attack. Disconnect idle sessions after a specific duration of time that requires the user to log in again.
7. Secure Remote Desktop Session Host
By utilizing the RD Connection Broker, companies can further protect the host from direct cyberattacks, whether they’ve penetrated security parameters through guest machines or other network interfaces.
Other Remote Desktop Security Measures
Two-Factor Authentication (2FA)
2FA creates an extra layer of security for online accounts beyond a standard username and password. You may already be familiar with 2FA in many daily-use applications, such as banking logins, gaming logins, and e-mail verification. This extra barrier to entry can help prevent unauthorized access to system critical functions and data should a cybercriminal infiltrate one of the many remote devices that will log in to your company’s infrastructure.
Remote Device Management
Assuming employees log in on company-provided computers, it’s a great idea to closely monitor what sort of activity is handled on these machines. Strict rules around the types of work that can be completed on these machines should be enforced. It only takes one of these computers to get compromised to bring down your entire work system.
The most significant to cyberattacks and digital theft would be proper employee training that’s both reoccurring and tested. Conduct weekly safety meetings that help reinforce the importance of protecting company IT assets. Remind them that passwords will be changed every certain number of days and give them tools to help identify when an attack may be occurring.
Bolstering Your Remote Desktop Experience
Security is always important. Besides the tips on this list, be sure that any time a hardware change is completed, IT teams take the time to properly reconfigure it. There’s a story about a company that performed a firewall change; after the hardware was swapped out, the IT technician forgot to check a single box that was responsible for blocking remote desktop access through an external IP address. This one small oversight allowed a malicious payload to be injected through a local admin account, causing costly ramifications and locking their IT systems up for several days before they could be fixed.
With that in mind — always be safe, and call us if you need any help with remote desktop security.