By JAMES GENTRY
(Part 3 of a multipart series)
What is Remote Desktop Protocol (RDP)?
Remote Desktop Protocol gives users the ability to connect to another computer over a network connection. When you connect to a remote computer using RDP, you are able to see the screen of the remote computer as if you are sitting in front of it.
But RDP is also the leading cause of cyber insurance claims, as you will learn below. I’ll also give you some information about how to disable it, how to use it in a secure manner, and some alternatives if you cannot secure RDP.
Here are some details and definitions you will need to know:
- Remote Desktop Protocol: RDP was developed by Microsoft and has been included with every Microsoft Operating System since Windows XP. RDP already had widespread use prior to COVID-19, but once lockdowns forced employees to work from home, RDP use exploded.
- Ports: Two types of ports exist:
- Physical Ports: The female jacks into which you plug network cables; these ports are on computers, servers, network switches, firewalls, etc.
- Logical Ports: Known as “software” ports, these are assigned to different services and will be important for our discussion. More on this below.
- Firewall/Router: Used to connect your business network safely to the Internet (but ONLY if properly configured), firewalls allow or deny access to certain ports on your network from the Internet. More on this below as well…
Part 1 Cybersecurity series “Cyber Insurance Applications: New Stringent Requirements Are NOT Designed to Protect YOU”
Part 2 Cybersecurity series “Do You Use SPF, DKIM, and DMARC to Authenticate Outgoing Email?”
Let’s expand on Logical Ports for a moment. The best analogy I’ve seen for Logical Ports is telephone extensions. You make phone calls using a phone number, and then you connect to the proper phone by using an extension. Computers “phone” each other, using IP addresses, and they use ports to “talk” only to the correct service or application.
For instance, all web browsers are designed to use port 80 or 443 to access websites. If a web address starts with HTTP://, it’s using port 80 by default. If a web address starts with HTTPS://, it’s using port 443 by default. The correct port is chosen automatically, so you don’t have to remember which port to enter.
There are 65,536 Logical Ports, but we need to focus on port 3389—used for RDP.
But first, let’s expand on Firewalls. When properly configured, firewalls allow “good” traffic to pass through from the Internet to your network and vice-versa. Most importantly, though, firewalls deny “bad” traffic from passing through.
Key takeaway: We want to close all ports that might allow “bad” traffic to get to your network and potentially cause a malware infection or worse. If we open a port that is vulnerable, your network can be compromised with little effort.
So, why does this matter to you? In 2017, an estimated 4.5M RDP ports (3389) were open to the Internet. Most were professionally deployed with the proper security measures.
But everything changed in response to COVID-19. Suddenly millions of employees were forced to work from home, and in 2020, more than 10M new RDP ports were opened to the Internet. Unfortunately, in the rush, many RDP ports were opened to the Internet without proper security measures.
Cyber criminals soon noticed the massive increase of unsecured RDP ports, and they exploited vulnerabilities to gain access to business networks. According to one cyber insurance provider, the number of Ransomware attacks tripled between March and April 2020, and the volume of successful attacks became so high that threat actors began bumping into each other during their criminal adventures.
By the end of August 2020, some businesses were being extorted by multiple extortionists at the same time, and by the end of 2020, Ransomware attacks had increased by over 700%.
How can you tell if RDP ports are open or if RDP is enabled?
If you have an IT department or have an outsourced provider, they can determine if you have open RDP ports. Because this probably requires access to your company firewall, it’s not something that you would be likely to find out on your own.
How do you disable open RDP ports?
Your best bet is to have your IT folks help with this. You can disable RDP on your own PC (https://www.cisecurity.org/insights/white-papers/intel-insights-how-to-disable-remote-desktop-protocol), but conferring with your IT folks first would be best.
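For readers who want to check their own Windows PC, the following PowerShell script is an added example (not from the article or the CIS paper): it reports whether RDP is allowed, which port the listener uses, whether Network Level Authentication is required, and whether the built-in “Remote Desktop” firewall rules are open, and with -Disable it turns RDP off the same way the System Properties > Remote tab does. It assumes Windows 10/11 with PowerShell run as Administrator, and it only reports the state of this one PC; whether port 3389 is reachable from the Internet still depends on your company firewall, which is why the article says to involve your IT people.

```powershell
#Requires -RunAsAdministrator
# Added example: audit this PC's RDP configuration and optionally disable it.
# Usage:  .\Check-Rdp.ps1            (report only)
#         .\Check-Rdp.ps1 -Disable   (report, disable RDP, report again)
param([switch]$Disable)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpStatus {
    # fDenyTSConnections is the value behind "Allow remote connections to this computer"
    $deny = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections
    $port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
    $nla  = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication

    # Is anything actually bound to the RDP listener port right now?
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen `
                        -ErrorAction SilentlyContinue)

    # Count enabled inbound rules in Windows' predefined "Remote Desktop" group
    $openRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound `
                     -ErrorAction SilentlyContinue | Where-Object { $_.Enabled -eq 'True' }).Count

    [pscustomobject]@{
        RdpAllowed        = ($deny -eq 0)   # 0 = allowed, 1 = denied
        ListenerPort      = $port           # 3389 unless an administrator changed it
        Listening         = $listening
        NlaRequired       = ($nla -eq 1)    # Network Level Authentication on/off
        FirewallRulesOpen = $openRules      # 0 means the firewall blocks inbound RDP
    }
}

function Disable-Rdp {
    # Deny remote connections and close the inbound firewall rules. The listener may
    # stay bound to the port until the next restart; the firewall blocks it regardless.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

Write-Host 'Current RDP state:'
Get-RdpStatus | Format-List

if ($Disable) {
    Disable-Rdp
    Write-Host 'RDP state after disabling:'
    Get-RdpStatus | Format-List
}
```

A PC that shows RdpAllowed = True with FirewallRulesOpen greater than 0 is reachable by RDP from its local network; only your firewall or router configuration tells you whether it is also reachable from the Internet.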
If you can’t use RDP, how can you connect to your work PC remotely?
- Many vendors of software to allow remote access exist, including LogMeIn, Citrix, GoToMyPC, and others. These can be secure and relatively safe. But as before, you will want to consult with your IT people on this. You need to ensure the configuration is as secure as possible.
- Have your IT people set up Multi-Factor Authentication (MFA) for your remote access, no matter what tool you use.
- You can safely connect to your work PC if you have a VPN between your remote location and your company network.
- You can have your IT people set up a Remote Desktop Gateway Server, but this is an expensive option for small businesses.
RDP is useful but very insecure. You MUST NOT have open RDP ports into your network unless they have been properly secured by a professional. Third-party remote software can be a great option, but it MUST be configured properly, in particular with MFA. If you don’t have anyone to help, you can reach out to Atlantic Data Team, and we will help you determine—at no charge—if you have open RDP ports. We are committed to making the Web a safer place.
In next month’s article, I will discuss Multi-Factor Authentication (MFA) and how effective it can be at stopping unauthorized access to your stuff. Until then, stay vigilant!
James Gentry is the president of Atlantic Data Team, a central-Florida-based business IT company. If you cannot get a straight answer on whether you use filtering or not, we will be happy to help you, at no charge, to determine if you are protected. We are committed to making the web a safer place. For more information go to www.atlanticdatateam.com or email firstname.lastname@example.org