- Feb 4, 2016
Millions of RDP endpoints remain exposed online and vulnerable to exploit, dictionary, and brute-force attacks
In a public service announcement published today by the US Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3), the FBI is warning companies about the dangers of leaving RDP endpoints exposed online. RDP stands for the Remote Desktop Protocol, a proprietary technology developed by Microsoft in the 90s that allows a user to log into a remote computer and interact with its OS via a visual interface that includes mouse and keyboard input, hence the name "remote desktop."
RDP access is rarely enabled on home computers, but it's often turned on for workstations in enterprise networks or for computers in remote locations that system administrators need to access but can't reach in person.
Together with the Department of Homeland Security, the FBI has published the following advice today on improving RDP security.
... ... ...
- Audit your network for systems using RDP for remote communication. Disable the service if unneeded or install available patches. Users may need to work with their technology vendors to confirm that patches will not affect system processes.
- Verify all cloud-based virtual machine instances with a public IP do not have open RDP ports, specifically port 3389, unless there is a valid business reason to do so. Place any system with an open RDP port behind a firewall and require users to use a Virtual Private Network (VPN) to access it through the firewall.
- Enable strong passwords and account lockout policies to defend against brute-force attacks.
- Apply two-factor authentication, where possible.
- Apply system and software updates regularly.
- Maintain a good back-up strategy.
- Enable logging and ensure logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
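One way to carry out the log review in the last recommendation, shown as an added example that is not part of the FBI/DHS advisory or the original article: it flags source addresses with a burst of failed RDP logons and notes whether a successful logon followed. The record layout, sample events, threshold and time window are assumptions; 4625/4624 and logon types 10 and 3 are the standard Windows Security log values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (timestamp, event ID, logon type, source IP, user),
# shaped like fields exported from the Windows Security log.
SAMPLE_EVENTS = [
    ("2024-01-15T02:14:01", 4625, 10, "203.0.113.50", "administrator"),
    ("2024-01-15T02:14:03", 4625, 10, "203.0.113.50", "admin"),
    ("2024-01-15T02:14:05", 4625, 3, "203.0.113.50", "backup"),
    ("2024-01-15T02:14:08", 4625, 10, "203.0.113.50", "administrator"),
    ("2024-01-15T02:14:11", 4625, 10, "203.0.113.50", "administrator"),
    ("2024-01-15T02:14:15", 4625, 10, "203.0.113.50", "administrator"),
    ("2024-01-15T02:15:30", 4624, 10, "203.0.113.50", "administrator"),
    ("2024-01-15T08:59:40", 4625, 10, "198.51.100.7", "jsmith"),  # one typo
    ("2024-01-15T09:00:02", 4624, 10, "198.51.100.7", "jsmith"),
    ("2024-01-15T09:05:00", 4625, 2, "-", "jsmith"),              # console logon
]

FAILED, SUCCESS = 4625, 4624  # failed / successful logon event IDs
# 10 = RemoteInteractive; 3 = Network (how NLA failures are usually logged,
# but it also covers other network logons such as SMB).
RDP_LOGON_TYPES = {10, 3}

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed RDP logons inside the window,
    and note whether a successful logon from that IP followed."""
    recent = defaultdict(list)  # ip -> [(time, user)] failures still in window
    findings = {}
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # ignore console, service and other logon types
        when = datetime.fromisoformat(ts)
        if event_id == FAILED:
            recent[ip] = [f for f in recent[ip] if when - f[0] <= window]
            recent[ip].append((when, user))
            if len(recent[ip]) >= threshold:
                hit = findings.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after": False})
                hit["failures"] = max(hit["failures"], len(recent[ip]))
                hit["users"] |= {u for _, u in recent[ip]}
        elif event_id == SUCCESS and ip in findings:
            findings[ip]["success_after"] = True  # treat as possible compromise
    return findings

if __name__ == "__main__":
    for ip, hit in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, hit)
```

A finding with `success_after` set deserves immediate review of that session, and the 90-day retention the advisory asks for is what makes this kind of look-back possible.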
... ...