Here’s What Remote Workers Should Know About RDP Security

Remote desktop protocol has been around since Microsoft created it in the ’90s, but has security for the data-sharing protocol stayed in the past?

Remote desktop protocol (RDP) is a way of remotely accessing a computer or server without being in the same physical location as the machine in question. Let’s say a remote worker on a three-month stint in southern Italy needs to use the office computer — that’s where an RDP connection comes into play.

Unfortunately, due to the open nature of RDP, it’s a gold mine for hackers and cyber thieves. But how exactly does it work? And how can you keep yourself from being hacked?

By understanding the security risks, practicing good internet hygiene, and using a VPN with antivirus protection, you should be able to use this valuable tool without becoming a victim. Here’s what to know.

What is RDP?

Remote desktop protocol (RDP) is a Microsoft-developed protocol for network communications on Windows. RDP gives workers access to their physical computers and employer servers even if they’re halfway around the world. It also allows administrators or IT teams to check on a machine remotely. This could be for maintenance, upgrades, security updates, or anything else they may want to do on the computer.

RDP became especially important during the pandemic. When workers and students went remote in 2020, the use of RDP jumped 41% in the first few weeks of March alone.[1] Teachers could access their school servers with all their lesson plans and notes, and workers could pull up their files without using file-sharing sites such as Dropbox.

It’s an extremely useful tool, but if you don’t properly secure your device, cybercriminals can misuse it.

How does RDP work?

RDP is a fairly complicated protocol that results in the ability to share data between machines. Let’s look at it as if you were a remote worker wanting to access the company database in a remote desktop session. Essentially, we can break RDP functionality down like this:

  1. You, the remote person, make a request from your workstation to the company's physical Windows server.
  2. The server looks at the machine you’re requesting from to check its settings, and the two machines exchange settings data.
  3. The server accepts your request and connects you.
  4. Your machine checks the company server's security to ensure it’s safe.
  5. Your machine sends your security info so the server knows you’re safe.
  6. The server sends back licensing data, letting your computer know it has permission to access it.
  7. Your machine checks if the server can handle your request.
  8. The server returns that check with its information to ensure the request is compatible.
  9. Each machine finalizes the connection.
  10. You can now exchange data.

Although this is a lengthy read, the process takes as long as a sip of coffee. You can then use the channels created with this remote access to share data back and forth.

Should you use RDP?

You may not have a choice. RDP is a preferred connection method for many businesses, especially if the information requires more security.

Although some companies can use services such as Google Docs to share workloads, some may work with more sensitive information. RDP is a secure line between the remote computer and the physical machines that doesn’t involve a third party like Google.

RDP is as safe as any other connected activity, such as surfing the internet or torrenting. However, there are always risks because it involves connecting to another device. 

That’s why you should use complex passwords, a strong and secure antivirus, and a virtual private network.

Common RDP vulnerabilities

Most RDP vulnerabilities are based on human error. Poor password health and unrestricted access are some of the most common ways hackers get in through RDP ports. In fact, there’s software built just to scan the internet for open RDP ports.

Once a cybercriminal finds a vulnerability, they can brute-force their way into the machines. RDP ports are currently responsible for the majority of cyber attacks. But what do these hackers want once they’re in? Well, once they've taken over, they can perform a number of deceitful operations.

These include but are not limited to the following:

Basically, once the threat actor has access to your machine, they can control it and do what they like.

How to secure your RDP ports

Secure remote access is an absolute must if you’re going to use RDP. Remember, once an RDP connection is made, a hacker could gain complete control over the machine. Luckily, there are several manual and automatic ways to secure RDP ports and prevent hackers from connecting.

Restrict access

When the system administrator sets up profiles, ensure that only the people who need access to certain areas have access. Not everyone has to have access to HR files, accounting information, etc. This reduces the risk of unauthorized access to remote desktop services during an RDP session.

Restrict login attempts

Brute-force attacks happen when there are no secondary security measures in place. Restrict login attempts to three to five at most. After that, lock access for physical and remote users. This helps prevent an attacker from endlessly trying to guess credentials.

Use authentication

In addition to restricting login attempts, ensure two-factor authentication (2FA) is enabled. You can even insist on multi-factor authentication, which includes more than one additional method of authentication.

For extremely sensitive data, network-level authentication can help keep out hackers and employees who don’t need certain clearances. This will secure access and serve as an alert system to potentially unwanted activity.
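
A server's very first reply in the connection sequence described under "How does RDP work?" states which security protocol it selected, so it shows whether network-level authentication is in play. The parser below is an added example, not code from this article; the reply bytes are constructed by the hypothetical helper build_reply, and the field layout and codes follow Microsoft's RDP specification (MS-RDPBCGR).

```python
import struct

# Field layout and codes follow Microsoft's RDP specification (MS-RDPBCGR).
PROTOCOLS = {0: "standard RDP security", 1: "TLS",
             2: "CredSSP (NLA)", 8: "CredSSP with early user auth (NLA)"}
FAILURES = {1: "TLS required by server", 2: "TLS not allowed by server",
            3: "no TLS certificate on server", 4: "inconsistent flags",
            5: "NLA (CredSSP) required by server",
            6: "TLS with user auth required by server"}

def parse_negotiation_reply(data: bytes) -> dict:
    """Parse the server's first reply (TPKT + X.224 Connection Confirm)."""
    if len(data) < 11:
        raise ValueError("too short for TPKT and X.224 headers")
    version, _reserved, total = struct.unpack(">BBH", data[:4])
    if version != 3 or total != len(data):
        raise ValueError("malformed TPKT header")
    if (data[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = data[11:]  # skip 4-byte TPKT header + 7-byte X.224 fixed header
    if not neg:
        # No negotiation block at all: the server only speaks legacy RDP security.
        return {"kind": "legacy", "detail": PROTOCOLS[0], "nla": False}
    if len(neg) != 8:
        raise ValueError("unexpected negotiation block size")
    msg_type, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        raise ValueError("bad negotiation length field")
    if msg_type == 0x02:  # RDP_NEG_RSP: the server picked a protocol
        return {"kind": "selected", "nla": value in (2, 8),
                "detail": PROTOCOLS.get(value, f"unknown ({value})")}
    if msg_type == 0x03:  # RDP_NEG_FAILURE: the server refused the client's offer
        return {"kind": "refused", "nla": value == 5,
                "detail": FAILURES.get(value, f"unknown ({value})")}
    raise ValueError("unknown negotiation message type")

def build_reply(neg: bytes = b"") -> bytes:
    """Hypothetical helper: wrap a negotiation block in X.224 and TPKT headers."""
    x224 = bytes([6 + len(neg), 0xD0, 0, 0, 0x12, 0x34, 0]) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

# Constructed replies (not captured from a real host).
REPLY_NLA_SELECTED = build_reply(struct.pack("<BBHI", 0x02, 0x1F, 8, 2))
REPLY_NLA_REQUIRED = build_reply(struct.pack("<BBHI", 0x03, 0x00, 8, 5))
REPLY_TLS_SELECTED = build_reply(struct.pack("<BBHI", 0x02, 0x00, 8, 1))
REPLY_LEGACY = build_reply()
```

A "selected" reply only shows what was chosen for that one connection. The "NLA required" refusal is the reply that shows the server will not accept anything weaker.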

Use an RDP monitor

RDP monitoring tools allow you to set up alerts, see who’s accessing your system, create reports on attempted RDP sessions, close ports, whitelist users, and even give you a kill switch option to shut down everything if you suspect suspicious activity.
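
The login-attempt limit and the monitoring described above come down to the same check: count failed remote logons per source inside a time window. The detector below is an added example, not code from this article or from any monitoring product; the event records are constructed, the 10-minute window is an assumption, and the threshold of five is the upper end of the range suggested under "Restrict login attempts". It assumes events arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp,event_id,logon_type,source_ip,username
# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, where failed
# NLA pre-authentication attempts usually show up.
SAMPLE_EVENTS = """\
2024-05-01T08:00:00,4625,10,192.0.2.50,jsmith
2024-05-01T08:15:00,4625,10,192.0.2.50,jsmith
2024-05-01T08:30:00,4625,10,192.0.2.50,jsmith
2024-05-01T08:45:00,4625,10,192.0.2.50,jsmith
2024-05-01T09:00:01,4625,3,203.0.113.7,administrator
2024-05-01T09:00:03,4625,3,203.0.113.7,admin
2024-05-01T09:00:05,4625,3,203.0.113.7,backup
2024-05-01T09:00:09,4625,3,203.0.113.7,administrator
2024-05-01T09:00:12,4625,3,203.0.113.7,svc_sql
2024-05-01T09:00:20,4624,10,203.0.113.7,svc_sql
2024-05-01T09:10:00,4625,10,198.51.100.20,mary
2024-05-01T09:10:30,4624,10,198.51.100.20,mary
2024-05-01T09:20:00,4625,10,192.0.2.50,jsmith
"""

def parse_events(text):
    """Yield (time, event_id, logon_type, source_ip, username) tuples."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), ip, user

def find_bruteforce(text, max_failures=5, window=timedelta(minutes=10)):
    """Flag sources with max_failures failed remote logons inside window."""
    failures = defaultdict(deque)  # source_ip -> (time, username) of recent failures
    alerts = {}
    for ts, event_id, logon_type, ip, user in parse_events(text):
        if logon_type not in (3, 10):
            continue  # ignore console, service and other local logons
        if event_id == 4625:
            recent = failures[ip]
            recent.append((ts, user))
            while ts - recent[0][0] > window:  # drop failures older than the window
                recent.popleft()
            if len(recent) >= max_failures and ip not in alerts:
                alerts[ip] = {"tripped_at": ts,
                              "usernames": sorted({u for _, u in recent}),
                              "success_after": None}
        elif event_id == 4624 and ip in alerts and alerts[ip]["success_after"] is None:
            # A success following a failure burst is the case to escalate first.
            alerts[ip]["success_after"] = user
    return alerts
```

On the sample, only 203.0.113.7 is flagged: a single mistyped password followed by a success does not trip the threshold, and neither do five failures spread over 80 minutes.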

Close RDP ports

If RDP isn’t being used, don’t leave it open. Closing ports at the end of each session prevents them from being picked up during an open port scan.

Use a VPN

Using a virtual private network (VPN) to encrypt the transmitted data can help keep your connection secure. Although one of the best VPNs should be an addition to your RDP security measures, it shouldn’t be the only security measure you have in place.

VPN comparison:
  • NordVPN: $2.99–$17.99/mo; up to 10 connected devices; 6,800+ servers in 111 countries; VPN protocols: NordLynx (WireGuard), OpenVPN, IKEv2/IPsec; encryption: AES-256-GCM; headquarters: Panama
  • Surfshark: $1.99–$17.95/mo; unlimited connected devices; 3,200+ servers in 100 countries; VPN protocols: WireGuard, OpenVPN, IKEv2; encryption: AES-256-GCM; headquarters: The Netherlands
  • CyberGhost: $2.03–$6.99/mo; up to 7 connected devices; server count unlisted, in 100 countries; VPN protocols: OpenVPN, IKEv2, WireGuard; encryption: AES-256; headquarters: Romania

Additional RDP security measures:
  • Make sure all software is up to date
  • Use cybersecurity software
  • Use strong passwords
  • Limit the number of third-party vendors with access
  • Stay off the public internet as much as possible

Alternatives to RDP

RDP is a useful feature that became essential in 2020. However, because it’s riddled with security issues, you may feel more comfortable using a different type of remote protocol. Safe alternatives are available.

Secure Shell (SSH)

SSH is a secure protocol that provides authentication, encryption, and data integrity protection when connecting. Although it creates the connection from a remote computer to a company server in much the same way we explored earlier, SSH encrypts and authenticates the data exchanges.

This means the data is hidden as it’s being exchanged. After the connection is made, both you and the server you’re accessing are checked to make sure it’s really you and that it’s really the server.

Virtual Network Computing (VNC)

VNC is an oldie. Developed in 1990 as an open-source research project, it’s considered slightly slower and less secure than other remote options. Although there are several different types of VNC connections, if you’re looking for more speed and safety, you’ll probably want to choose a different option.

File Transfer Protocol (FTP)

FTP is used to transfer files from one machine to another. RDP allows you to remotely access another machine, even using it as you would if you were there. You’ll also use FTP to transfer files. Because you can use an FTP configuration with a firewall, there’s more security than an open RDP port.

Chrome Remote Desktop (CRD)

C’mon, you knew Google was going to have skin in the game. If it’s tech, Google is going to create its own product. CRD works with Chrome OS or a Chrome browser. Because you have the power of Google behind it, it has the added benefits of Google’s secure connections. Although they’re typically more secure than their PC counterparts, Chromebooks still need a good antivirus.

FAQs about RDP security



Is RDP more secure than a VPN?

No, RDP is more susceptible to threats than a VPN, even though both are encrypted tunnels for funneling data.



Can RDP be hacked?

Yes, RDP hacking has increased significantly since 2020. Improperly secured RDP connections are the most likely way an attacker can gain access to a machine via RDP.



Can ransomware spread through RDP?

Yes, one of the main reasons for hacking an RDP connection is to install ransomware on the host computer or server — or to use the hacked device to install ransomware on another victim.



What’s safer than RDP?

Because of encryption and authentication practices, Secure Shell (SSH) is usually considered safer than using an RDP connection.

Bottom line

RDP connections are useful ways to work remotely. Before 2020, these protocols were mostly used by admins and techs who wanted to check on a machine without going to its location. As our world gravitates toward remote work, finding safe ways to connect must be a top priority. RDP connections don’t need to be retired; they just need to be secured.

Following safety best practices, such as using a secure VPN bundled with antivirus software, helps ensure you can continue to enjoy secure connections from anywhere. (If you decide to spend three months working remotely from Fiji, though, let us know — you may have a new travel companion.)

Author Details
Mary is a seasoned cybersecurity writer with over seven years of experience. With a B.S. in Liberal Arts from Clarion University and an M.F.A. in Creative Writing from Point Park University, she educates audiences on scams, antivirus software, and more. Her passion lies in educating audiences on helpful ways to protect their data.

Citations

[1] RDP and VPN Use Skyrocketed Since Coronavirus Onset