
Reduce Threats When Using RDP-Type Access Methods

Published On: Jun 18, 2020

Barbara M. Hunt

Founder and Chief Executive Officer

Michael J. Sever

Chief Operating Officer
Network Security
Remote Workers
Cyber Security

With remote workplaces becoming the “new normal,” businesses and institutions are struggling to provide their employees with secure off-premise access to critical sensitive systems and data. Large corporations and even previously obscure government entities are turning to well-known open Internet applications (Zoom, MS Teams, Skype, etc.) to keep employees both technically and socially connected to the parent organization while they remain physically separated.

 

The Challenge

The solution chosen by each entity is reflective of the resources (i.e. budget) dedicated to proactive cybersecurity. With the sudden paradigm shift to remote access required, some organizations have chosen to use embedded tools such as Microsoft’s Remote Desktop Protocol (RDP) or multi-OS based tools such as NoMachine to open up internal resources to remote workers. These tools can be quickly deployed, are client friendly and can provide the same level of access as on-premise connections.   

Tools typically come with encryption and configurable network parameters to “obscure” network activity from would-be attackers, leaving the user with a false sense of security. One has to spend only minutes on research to find the plethora of inherent vulnerabilities in Remote Desktop Applications. Specifically, the use of RDP in Microsoft’s cloud computing solution has provided a lucrative target for hackers who are especially interested in finding and exploiting RDP vulnerabilities. Naturally, it is important to keep RDP updated with the latest patches. Some major known vulnerabilities in earlier RDP versions include:

· In May 2019, a patch was released to fix a major vulnerability known as BlueKeep, which allowed for the possibility of remote code execution. According to Microsoft, the vulnerability was “wormable,” meaning it could be self-propagating, with the potential to cause widespread problems.

· Earlier versions such as 6.1 can reveal all the usernames and profile pictures of users on the RDP server.

· Very early versions allowed computers to be compromised by worms and unauthenticated clients, and left them open to “man-in-the-middle” attacks.

· Version 5.2 is vulnerable to attacks in which a hacker can eavesdrop on or hijack sessions.

Some additional research on the open Internet or the Dark Web reveals that much of the targeting and credential harvesting work has already been done for would-be criminals. Access to thousands of corporate and government systems can be purchased for as little as 10 USD. While alarming, there are some basic steps any organization can take to limit their exposure on the Internet. For example:

· Put RDP ports behind a firewall that can only be accessed using a VPN.

· Specific trusted hosts should be whitelisted.

· Follow strong password protocols, enable multi-factor authentication, and put in place lock-out policies to block brute force attacks.

· Disallow the use of RDP by administrator accounts.

· Enable automatic updates for the client/server software you are using and disallow access by clients that have not been updated.
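
The trusted-host, lock-out and administrator-account items above can be checked against logon records. The following Python script is an added example, not part of the original article: it audits simplified, constructed records against those three items. The record format, the VPN address pool `10.8.0.0/24`, the threshold of 5 failures in 15 minutes and the account names are assumptions; 4624 and 4625 are the Windows Security event IDs for successful and failed logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values for this example (not from the article).
TRUSTED_NETS = [ip_network("10.8.0.0/24")]  # hypothetical VPN address pool
ADMIN_ACCOUNTS = {"administrator"}          # accounts that must not use RDP
LOCKOUT_THRESHOLD = 5                       # failed logons ...
LOCKOUT_WINDOW = timedelta(minutes=15)      # ... within this window

def parse(line):
    """Parse one constructed record: 'ISO-time event_id user source_ip'."""
    ts, event_id, user, src = line.split()
    return datetime.fromisoformat(ts), int(event_id), user.lower(), ip_address(src)

def audit(lines):
    """Return sorted (finding, subject) pairs; each user's records must be in time order."""
    findings = set()
    failures = defaultdict(deque)  # user -> timestamps of recent failed logons
    for ts, event_id, user, src in map(parse, lines):
        if not any(src in net for net in TRUSTED_NETS):
            findings.add(("untrusted-source", str(src)))
        if event_id == 4624 and user in ADMIN_ACCOUNTS:
            findings.add(("admin-rdp-logon", user))
        if event_id == 4625:
            recent = failures[user]
            recent.append(ts)
            while ts - recent[0] > LOCKOUT_WINDOW:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= LOCKOUT_THRESHOLD:
                findings.add(("lockout-threshold-reached", user))
    return sorted(findings)

# Constructed sample records (4624 = successful logon, 4625 = failed logon).
SAMPLE = [
    "2020-06-18T09:00:00 4624 alice 10.8.0.15",
    "2020-06-18T09:20:00 4624 Administrator 10.8.0.20",
]
# bob: five failures in five minutes from an address outside the VPN pool
SAMPLE += [f"2020-06-18T09:0{m}:00 4625 bob 203.0.113.7" for m in range(1, 6)]
# carol: four failures, then a fifth after the window has passed (no lock-out)
SAMPLE += [f"2020-06-18T09:{m}:00 4625 carol 10.8.0.30" for m in ("00", "05", "10", "14", "31")]

if __name__ == "__main__":
    for finding, subject in audit(SAMPLE):
        print(finding, subject)
```
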

 

How NetAbstraction Helps

This is where NetAbstraction can help. By employing NetAbstraction, network administrators can effectively shut the door to direct Internet exposure of internal systems via RDP. Working in concert with network administrators, NetAbstraction provides an impenetrable layer of protection between the client and the internal IT infrastructure.

NetAbstraction completely removes the ability to determine that an organization employs RDP through port scanning or any other active targeting tool because those capabilities are never exposed to the open Internet. Additionally, NetAbstraction ensures that only users with the proper credentials have access to the NetAbstraction network before they ever reach your system’s remote portal. This provides an extremely secure and virtually transparent 2-factor authentication method that can be seamlessly deployed to users worldwide.

Additionally, NetAbstraction’s patented technology completely hides and obfuscates a user’s activities and effectively removes traceability between the client and the end system, thus further reducing the threat vector.


Michael J. Sever

Chief Operating Officer

Mike has 33 years of experience with the Central Intelligence Agency in the fields of cyber development, technical collection and telecommunications. He is responsible for all technical development.
