
    RDP (Remote Desktop Protocol)

    The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server. With RDP, network administrators can remotely troubleshoot and diagnose problems associated with end user desktops. 

    Some companies also use RDP to enable remote work for employees who are traveling or working from home.

    To begin a remote desktop session, a user or admin must use RDP client software to connect to a remote Windows PC or server running RDP server software. Using a graphical user interface (GUI), users and admins can edit files, open applications, and perform other tasks as though they are using their actual desktop. 

    All major operating systems, including Windows, Linux, Unix, Mac OS, iOS and Android, offer a version of RDP. However, the most common and well-known version is the one developed by Microsoft, previously referred to as Terminal Services Client or Terminal Services.

    Security Risks of RDP 

    RDP is a common attack vector if left open to connections from the public internet. Attackers may gain initial access through RDP by brute-forcing or stealing credentials, then install ransomware on the targeted system. Insecure RDP also increases the risk of man-in-the-middle attacks. 

    Internet-facing RDP also exposes the connection to being stolen and the entire session to being replayed. RDP credentials are relatively easy and inexpensive to purchase on cybercrime marketplaces; they can go for $20 each.

    These security risks have only increased with the pandemic as companies transition to remote work. From December 2019 to April 2020 in particular, RDP attacks on Blumira’s honeypot rose 85%.
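
    One way to spot the credential brute-forcing described above in Windows Security logon events. This is an added example, not code from the original page or from Blumira; the threshold, time window, and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); with Network Level Authentication,
# failed RDP logons are usually recorded as type 3 (Network), which also
# covers SMB and similar, so treat type 3 hits as leads to confirm.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample events (not real logs): (time, event_id, logon_type, source_ip, account)
T0 = datetime(2020, 4, 1, 3, 0, 0)
GUESSED = ["admin", "administrator", "backup", "admin", "svc_rdp", "admin"]
SAMPLE_EVENTS = [(T0 + timedelta(seconds=5 * i), 4625, 3, "203.0.113.7", u)
                 for i, u in enumerate(GUESSED)] + [
    (T0 + timedelta(seconds=40), 4624, 10, "203.0.113.7", "admin"),     # logon after the burst
    (T0 + timedelta(seconds=10), 4625, 10, "198.51.100.20", "jsmith"),  # single mistyped password
    (T0 + timedelta(seconds=20), 4625, 2, "-", "jsmith"),               # console logon, not RDP
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return (kind, source_ip, account, time) alerts.

    threshold and window are assumed starting values, to be tuned per environment.
    """
    recent = defaultdict(deque)  # source_ip -> times of failures inside the window
    flagged = set()              # sources already alerted on (one alert per source)
    alerts = []
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        fails = recent[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()      # drop failures that aged out of the window
        if event_id == 4625:
            fails.append(ts)
            if len(fails) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, account, ts))
        elif event_id == 4624 and len(fails) >= threshold:
            # A success right after a burst of failures suggests a guessed or
            # stolen credential worked: highest-priority alert.
            alerts.append(("success_after_bruteforce", ip, account, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

    The account in a "bruteforce" alert is the one being attempted when the threshold was crossed; the account in a "success_after_bruteforce" alert is the one that should be treated as compromised.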

    RDP Best Practices

    Here are a few security recommendations for using RDP: