With remote work becoming the “new normal,” businesses and institutions are struggling to give employees secure off-premise access to critical, sensitive systems and data. Large corporations and even previously obscure government entities are turning to well-known public Internet applications (Zoom, MS Teams, Skype, etc.) to keep employees both technically and socially connected to the parent organization while they remain physically separated.
The solution each entity chooses reflects the resources (i.e. budget) it dedicates to proactive cybersecurity. With the sudden shift to mandatory remote access, some organizations have chosen built-in tools such as Microsoft’s Remote Desktop Protocol (RDP) or cross-platform tools such as NoMachine to open internal resources to remote workers. These tools can be deployed quickly, are client-friendly, and can provide the same level of access as an on-premise connection.
These tools typically ship with encryption and configurable network parameters that “obscure” network activity from would-be attackers, which can leave users with a false sense of security. A few minutes of research turns up a long history of vulnerabilities in remote desktop applications. In particular, RDP listeners exposed directly to the Internet on Windows virtual machines in Microsoft’s Azure cloud have become a lucrative target for attackers specifically hunting for exploitable RDP services. Keeping RDP patched is therefore essential. Some major known vulnerabilities in earlier RDP versions include:
· In May 2019, Microsoft released a patch for BlueKeep (CVE-2019-0708), a pre-authentication flaw in Remote Desktop Services that allows remote code execution. Microsoft described the vulnerability as “wormable,” meaning an exploit could self-propagate from one unpatched host to the next, with the potential to cause widespread damage.
· Earlier versions such as 6.1, when Network Level Authentication (NLA) is not enforced, render the Windows logon screen to unauthenticated clients and can thereby reveal the usernames and profile pictures of accounts on the RDP server.
· Very early versions left computers exposed to worms, to unauthenticated clients, and to man-in-the-middle attacks.
· Version 5.2 is vulnerable to an attacker on the network path who can eavesdrop on or hijack sessions.
Additional research on the open Internet or the Dark Web shows that much of the targeting and credential-harvesting work has already been done for would-be criminals: access to thousands of corporate and government systems can be purchased for as little as 10 USD. Alarming as that is, there are basic steps any organization can take to limit its exposure on the Internet. For example:
· Put RDP ports behind a firewall so they can only be reached over a VPN.
· Whitelist specific trusted hosts rather than accepting connections from any source address.
· Follow strong password policies, enable multi-factor authentication, and put account lock-out policies in place to blunt brute-force attacks.
· Do not allow administrator accounts to log on over RDP.
· Enable automatic updates for the client and server software you are using, and disallow access from clients that have not been updated.
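The following script, added here as an illustration and not NetAbstraction’s own code, applies the hardening steps above to a single Windows host and then reports the resulting state. It assumes an elevated PowerShell session on Windows 10/11 or Windows Server 2016+; the VPN subnet (10.8.0.0/24) and the lock-out thresholds are placeholder values chosen for the example. Domain-joined hosts should receive the same settings through Group Policy rather than local edits.

```powershell
# Added example: audit and harden the local RDP listener per the checklist above.
# Run from an elevated PowerShell prompt. Values marked "assumed" are placeholders.

$RdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$VpnNet = '10.8.0.0/24'   # assumed VPN client subnet: the only source allowed to reach 3389

# --- Require Network Level Authentication and TLS on the listener ---
# With NLA the client must authenticate (CredSSP) before any session or logon
# screen is created, which removes the unauthenticated logon-screen exposure and
# means an attacker needs valid credentials before touching the listener.
Set-ItemProperty -Path $RdpTcp -Name 'UserAuthentication' -Value 1 -Type DWord
Set-ItemProperty -Path $RdpTcp -Name 'SecurityLayer'      -Value 2 -Type DWord   # 2 = TLS (SSL)
Set-ItemProperty -Path $RdpTcp -Name 'MinEncryptionLevel' -Value 3 -Type DWord   # 3 = High (128-bit)

# --- Restrict the built-in Remote Desktop firewall rules to trusted hosts ---
# The port stays closed to the Internet; only addresses in the VPN subnet match,
# and the rules are not enabled on the Public profile at all.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Enabled True -Profile Domain, Private -RemoteAddress $VpnNet

# --- Lock-out policy against password spraying / brute force (local accounts) ---
# Assumed values: 5 failed attempts within 30 minutes locks the account for 30 minutes.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# --- Keep administrators off RDP ---
# The Administrators group holds "Allow log on through Remote Desktop Services"
# by default. Enforcement is the "Deny log on through Remote Desktop Services"
# user right (SeDenyRemoteInteractiveLogonRight), which takes precedence over the
# allow right; set it in Local Security Policy or GPO. This step only reports
# who currently holds the deny right so the gap is visible.
$cfg = Join-Path $env:TEMP 'secpol.cfg'
secedit /export /cfg $cfg | Out-Null
$deny = Select-String -Path $cfg -Pattern '^SeDenyRemoteInteractiveLogonRight'
if ($deny) { "Deny-RDP right: $($deny.Line)" } else { Write-Warning 'No account is denied RDP logon' }
Remove-Item $cfg -Force

# --- Verify the result ---
Get-ItemProperty -Path $RdpTcp |
    Select-Object UserAuthentication, SecurityLayer, MinEncryptionLevel
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

The verification output should show UserAuthentication = 1, SecurityLayer = 2, MinEncryptionLevel = 3, and the VPN subnet as the only RemoteAddress on the Remote Desktop rules. Multi-factor authentication and update enforcement for connecting clients are not local listener settings; they are handled at the VPN gateway or RD Gateway and by your endpoint management tooling.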
How NetAbstraction Helps
This is where NetAbstraction can help. By employing NetAbstraction, network administrators can shut the door on direct Internet exposure of internal systems via RDP. Working in concert with network administrators, NetAbstraction provides a protective layer between the client and the internal IT infrastructure.
NetAbstraction removes the ability to determine through port scanning or any other active targeting tool that an organization uses RDP, because the RDP service is never exposed to the open Internet. Additionally, NetAbstraction ensures that only users with the proper credentials can reach the NetAbstraction network before they ever reach your system’s remote portal, giving users worldwide a seamless, virtually transparent second authentication factor.
NetAbstraction’s patented technology also hides and obfuscates a user’s activities and removes traceability between the client and the end system, further reducing the attack surface.
Mike has 33 years of experience with the Central Intelligence Agency in the fields of cyber development, technical collection and telecommunications. He is responsible for all technical development.