During the COVID-19 pandemic, many organizations have implemented various policies and procedures to allow some or all of their workforce to work remotely. Solutions such as virtual desktop and application portals, virtual private network (VPN) access, and Remote Desktop Protocol (RDP) servers can provide access to remote workers and ensure that business operations continue. With malicious actors on the lookout for vulnerable systems that they can exploit, organizations need to take steps to secure these remote solutions.
While brute-force attacks against public-facing RDP endpoints are often being attempted, the significant increase in the amount of RDP endpoints that have been detected on the Internet since the COVID-19 pandemic began has resulted in a subsequent surge of criminal interest and intrusion attempts. If a cybercriminal (or group) can successfully access an organization’s RDP endpoint, they’ll be able to then access the organization’s other systems and confidential data.
Some of the steps that an organization can take to protect their systems from intruders include:
- Ensure that users are using strong passwords or passphrases
- Enable Multi-Factor Authentication (MFA) for remote connections (and potentially internal connections, as well)
- Require a VPN connection to connect to RDP endpoints, rather than having them be facing the public Internet
- Enable Network Level Authentication (NLA) to ensure that users must provide valid credentials before establishing the RDP session
- Ensure that available security patches for any systems used for remote access have been applied
- If RDP is not used, disable the service altogether and block traffic over port 3389 at the perimeter firewall
- Educate all users on the organization’s security requirements and best practices for connecting remotely
- Implement security, monitoring, and alerting solutions that can report any strange activity on or originating from RDP endpoints
Safeguarding RDP endpoints against attacks is more critical than ever. Appropriate remediation and mitigation steps will reduce the risk to your organization now and in the future.
