Cloud Hosting

As work from home is the new norm in the coronavirus era, youre probably thinking of enabling remote desktop connections for your off-site staff. Heres how to do it securely.

Accessing your servers or workstations desktops remotely is a great way to manage them. Its also a huge target for hackers.

For example, if hackers can gain access to the administrator login to your Domain Controller, they effectively own your Windows infrastructure and can quickly wreak havoc on your organization. From sending corporate emails to accounting departments and bookeepers, to siphoning off your companys intellectual property, to encrypting all your companys files and holding them for ransom, hacks on Remote Desktop Protocol (RDP) can be very bad.

In this context, although we will mainly say RDP, we mean all kinds of remote desktop and remote access software, including VNC, PC Anywhere, TeamViewer and so forth, not just Microsofts RDP. The good news is there are many defenses against RDP attacks, starting with turning it off. If you dont really need remote access, the off switch is the simplest.

If you do need to allow such access, there are a variety of ways to restrict it to the good guys:

First off, allow access only from internal IP addresses coming from your companys VPN server. This has the added benefit of not exposing RDP connection ports to the public internet.

Speaking of exposing ports, if thats your only choice, you may want to serve up RDP on a non-standard port number to avoid simplistic worms from attacking your network through its RDP ports. Keep in mind, though, that most network scanners check all ports for RDP activity, so this should be viewed as security through obscurity, since it provides practically no additional security against modestly sophisticated attackers. You will have to be extremely vigilant about reviewing network access and login activities in your RDP server logs, as it may be more a matter of when and not if an attacker accesses your network.

RELATED READING: COVID19 and the shift to remote work

Second, make sure to enable Multi-Factor Authentication (MFA) for remote users as another authentication layer, which we discussed in Work from home: Improve your security with MFA.

Third, whenever possible, only allow incoming RDP connections from your users public IP addresses. The easiest way for remote employees to look up their public IP address is to search Google for What is my IP address and the first result will be their IP address. Then your remote workers can provide that information to your IT/Security staff so that your company or organization can build a whitelist of allowed IP addresses. It is also possible to build a whitelist of allowable IPs by allowing their subnet, since dynamic home IP addresses would normally still fall within a subnet after a router reboot or other network maintenance on the client end.

Even if you secure your RDP access, there has recently been a flurry of exploits against it, so to avoid issues, make sure its fully patched. More information on securing RDP can be found in Its time to disconnect RDP from the internet.

Read the rest here:
Work from home: Securing RDP and remote access - We Live Security