Best Practices for Securing Remote Desktop Protocol (RDP)

The pandemic and the resulting shift to remote work greatly increased the usage of Remote Desktop Protocol (RDP). 

While RDP has become more important to many organizations, expanding RDP usage also expands the attack surface for cybercriminals.

The Center for Internet Security (CIS) recently published a report on securing RDP, and it includes a powerful statement on where we are in cyber history: 

"We are at a point in cybersecurity where offense must inform defense in order to help protect against the most prolific cyber threats to our environments. Telecommuting has always presented challenges, balancing security with usability. Open-source reports indicate that Remote Desktop Protocol (RDP) usage jumped an estimated 41% when COVID-19 struck."

Open-source reports also tell us that over 3.5 million devices have RDP open publicly. However, just because these are open publicly does not mean the devices are actively exploited. It just means that the surface area for attacks is very large for bad actors to exploit.

The The Multi-State Information Security & Analysis Center (MS-ISAC) notes that RDP is one of the most attacked protocols.

4 major benefits of RDP for your organization

Some may think that the best way to avoid an RDP attack would be to simply turn RDP completely off. But this is a problematic option since some applications require the Microsoft RDP for daily functions. 

The CIS report says there are four major benefits of RDP.

1. "End-users are able to connect to organizational systems from home, or while they are away, using a graphical user interface (GUI).
2. For organizations on a limited budget, purchasing expensive software to set up a remote environment may not always be feasible. Therefore, utilizing RDP may be the only available option.
3. The ability to harness the remote system's full processing power, which is especially beneficial when running very resource-intensive applications. This, in turn, also reduces the need to purchase additional hardware to support those who may work both in the office and at home.
4. Another benefit that may not always be visible is an increase in productivity for employees. In the current world where many organizations shifted quickly to a remote environment, it is critical to keep employees happy. If multiple barriers are put in an employee's way, it will only tempt them more to break security policies in order to 'get the job done.' Without providing a secure remote protocol to access organizational assets, employees may send sensitive data to their personal assets, or upload them to unsecure cloud providers. While maintaining a secure environment should always be a top priority, a balance between usability and security should be kept in mind when making decisions that will impact an organization's workforce."

These benefits are fantastic for an organization, but how can you mitigate the risks that come along with RDP usage?

7 best practices for RDP security

The CIS report outlines seven ways to improve the security of RDP, which are low or no cost to an organization. They are:

1. "Place RDP-enabled systems behind a Remote Desktop Gateway (RDG) or virtual private network (VPN).
2. Update and patch software that uses RDP.
3. Limit access to RDP by internet protocol (IP) and port.
4. Use complex, unique passwords for RDP-enabled accounts.
5. Implement a session lockout for RDP-enabled accounts.
6. Disconnect idle RDP sessions.
7. Secure Remote Desktop Session Host."

RDP-based attacks are most effective when organizations lack basic cybersecurity controls, including those listed above. 

For more detailed information regarding RDP and RDP-based attacks, you can check out the CIS report.