The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server. With RDP, network administrators can remotely troubleshoot and diagnose problems associated with end user desktops.
Some companies also use RDP to enable remote work for employees who are traveling or working from home.
To begin a remote desktop session, a user or admin must use RDP client software to connect to a remote Windows PC or server running RDP server software. Using a graphical user interface (GUI), users and admins can edit files, open applications, and perform other tasks as though they are using their actual desktop.
All major operating systems, including Windows, Linux, Unix, Mac OS, iOS and Android, offer a version of RDP. However, the most common and well-known version is the one developed by Microsoft, previously referred to as Terminal Services Client or Terminal Services.
Security Risks of RDP
RDP is a common attack vector if left open to connections from the public internet. Attackers may gain initial access through RDP by brute-forcing or stealing credentials, then install ransomware on the targeted system. Insecure RDP also increases the risk of man-in-the-middle attacks.
Internet-facing RDP also exposes the connection to hijacking and to replay of the entire session. Purchasing RDP credentials is relatively easy and inexpensive on cybercrime marketplaces; they can go for $20 each.
These security risks have only increased with the pandemic as companies transition to remote work. Between December 2019 and April 2020 in particular, RDP attacks observed on Blumira’s honeypot rose 85%.
RDP Best Practices
Here are a few security recommendations for using RDP:
- RDP should never be internet-facing, as it is not a secure method of remote management.
- RDP is not secure in general without configuring Network Level Authentication (NLA) and similar protections.
- Any and all remote access should flow through a proper virtual private network (VPN) connection protected by two-factor authentication (2FA) whenever possible.
- Limit the number of users who need RDP access, and restrict that access to specific IP addresses wherever possible, following least-privilege principles (see the tips on Group Policy Management).
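A read-only PowerShell audit of a Windows host against the recommendations above (NLA required, TLS security layer, firewall scope of the inbound Remote Desktop rules, and membership of the Remote Desktop Users group), written as an added example for this page rather than taken from the original article. It assumes the standard Terminal Server registry paths, an English-locale firewall group name, and an elevated session.

```powershell
# Added example, not from the original article: read-only audit of a host's
# RDP exposure. Assumes standard Terminal Server registry paths and the
# English firewall DisplayGroup name 'Remote Desktop'. Run elevated.

function Test-RdpHardening {
    $findings = @()
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # fDenyTSConnections = 1 means Remote Desktop is disabled on this host.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    if ($deny -eq 1) { return @('RDP is disabled on this host; nothing further to check.') }

    # NLA: UserAuthentication = 1 forces authentication before a session is created,
    # which removes the pre-auth attack surface of a plain RDP listener.
    $nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    if ($nla -ne 1) { $findings += 'Network Level Authentication is NOT required (UserAuthentication != 1).' }

    # SecurityLayer: 0 = legacy RDP security, 1 = negotiate, 2 = TLS required.
    $layer = (Get-ItemProperty -Path $tcp -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer
    if ($layer -ne 2) { $findings += "SecurityLayer is '$layer'; 2 (TLS) is expected." }

    # Firewall scope: an enabled inbound Remote Desktop rule whose RemoteAddress is
    # 'Any' accepts RDP from every network, including the internet if it is routed.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings += "Firewall rule '$($rule.DisplayName)' allows RDP from any address; scope it to management IPs or the VPN subnet."
        }
    }

    # Least privilege: every extra member of Remote Desktop Users widens the target set.
    $members = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue
    if ($members) {
        $findings += "Remote Desktop Users has $($members.Count) member(s): $($members.Name -join ', ')"
    }

    if ($findings.Count -eq 0) { $findings = @('No issues found against the checks above.') }
    return $findings
}

Test-RdpHardening | ForEach-Object { Write-Output $_ }
```

The script only reports; remediation (for example setting UserAuthentication to 1, or scoping the firewall rule with Set-NetFirewallRule -RemoteAddress) is left to the administrator so the audit can be run safely on production hosts.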