Last week, Microsoft warned the public of four new Windows vulnerabilities that are “wormable,” meaning they can be exploited to spread malware from one vulnerable computer to another without any user action. This comes fresh on the heels of the already notorious BlueKeep RDP vulnerability, which was publicly disclosed just months ago.
These latest bugs, already patched by Microsoft, reside in Remote Desktop Services (RDS), which allow a user to take control of a remote computer or virtual machine over a network connection. These kinds of vulnerabilities within Remote Desktop Protocol (RDP) can have major security implications for those organizations relying on it.
Today, it is very common for businesses to use RDP as a method to access servers, collaborate with other employees, and remotely access documents stored and backed up in their office. Cyber criminals have developed a wide array of tools to continuously look for remote access points on the Internet and discover potentially vulnerable targets, such as systems affected by the vulnerabilities Microsoft announced. According to the FBI and DHS, RDP attacks have been on the rise since 2016, with attackers using an open RDP port to take over machines and inject various types of malware into the system being remotely accessed.
In this blog, I’ll cover a couple of important ways that BeyondTrust solutions can help you improve remote access security and eliminate dangerous threat vectors, such as by better protecting RDP sessions.
1. Control privileges and sessions across all remote access points
BeyondTrust’s privileged access management (PAM) platform enables you to apply least privilege, enforce password management best practices, and layer on other security controls to help secure your RDP.
BeyondTrust enables secure session management, with the ability to proxy access to RDP, SSH, and Windows/Unix/Linux Applications. Dynamic assignment of just-in-time privileges via Adaptive Workflow Control allows organizations to lock down access to resources based upon the day, date, time, and location. Limiting the scope to specific runtime parameters narrows the window of opportunity in which someone might exploit misappropriated credentials. For example, if you normally expect the administrator (or third-party vendor) to be logging on from particular systems, you can ensure that access is only permitted from predefined, allowable address ranges. Similarly, you can set up policies to control when the accounts are accessible, and alert when specific access policies are invoked.
On top of its granular access controls, BeyondTrust ensures that managed accounts have their passwords regularly rotated. For the most sensitive accounts, you can implement one-time passwords, meaning the password is changed for each use. Thus, should someone illicitly gain access to RDP session credentials, the password would have been rotated after the last use, rendering the credential useless and impeding access. This approach mitigates the risk of unauthorized access.
2. Improve security around remote support sessions
BeyondTrust also provides the market’s most secure remote support solution.
BeyondTrust’s Remote Desktop integration allows you to lock down RDP in your organization and provide a secure, centralized remote access solution with robust auditing and collaboration features.
BeyondTrust’s Remote Desktop integration leverages our Jumpoint technology. A Jumpoint is basically a connection to a remote host, which, in turn, is used to connect to other hosts. This is a great tool to access a private network. The user simply connects via a Jump host, and everything is secure and locked down. Once a Jumpoint has been installed on a remote network, an authorized user can leverage the Jumpoint to initiate sessions with Windows computers on that same network—even if those computers are unattended.
A Jumpoint can be used to start a:
- Standard support session
- Remote Desktop Protocol session
- VNC session
- Shell Jump to an SSH-enabled network device
- Shell Jump to a Telnet-enabled network device
- Intel® vPro Windows system session
Support sessions, RDP sessions, and VNC sessions can also be started with systems on the same network segment.
The Jumpoint acts as the RDP broker. With BeyondTrust Remote Support, you are able to assign RDP permissions for users and teams. The Jumpoint will only allow RDP access to the authorized users and teams. Organizations are then able to restrict installation and use of RDP clients in their environment, while configuring their RDP hosts to only accept connections from the Jumpoint. Once those changes are implemented, the solution’s Windows, Mac, iOS, Android, or Linux Technician Console are the only applications that can be used for RDP access.
How does it work? Here are the key steps:
- A Remote Support admin authorizes RDP access for a Technician or Support Team
- A Technician initiates an RDP session through a Jumpoint
- The RDP endpoint only accepts inbound RDP connections from the Jumpoint
- The Jumpoint brokers the request from the RDP endpoint to the Technician
- Optionally, the Technician is able to share and/or transfer the session with other technicians
- The RDP session details, such as the technician name, endpoint name, date, time, and more, are audited on the BeyondTrust appliance
- RDP sessions are recorded for auditing/compliance purposes
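Once RDP hosts are configured to accept connections only from the Jumpoint, the host logon records should agree. The following is an added example, not BeyondTrust code: it scans an exported Windows Security log for successful RDP logons (event 4624, logon type 10) whose source address falls outside the allowed ranges. The Jumpoint address, the CSV column names, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumption: address range(s) of the Jumpoint host(s); documentation-range placeholder.
JUMPOINT_NETS = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed sample: Security log export with assumed column names.
SAMPLE_CSV = """TimeCreated,Computer,EventID,LogonType,TargetUserName,IpAddress
2024-01-15T09:01:12,SRV-APP01,4624,10,tech.alice,192.0.2.10
2024-01-15T09:14:40,SRV-APP01,4624,3,svc.backup,198.51.100.7
2024-01-15T11:32:05,SRV-DB02,4624,10,administrator,203.0.113.45
2024-01-15T11:40:51,SRV-DB02,4624,10,tech.bob,-
2024-01-15T12:02:33,SRV-APP01,4625,10,administrator,203.0.113.45
"""


def is_from_jumpoint(raw_ip, allowed=JUMPOINT_NETS):
    """Return True only if raw_ip parses and lies inside an allowed range."""
    try:
        addr = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        return False  # "-" or an empty field: the source is unknown, so flag it
    mapped = getattr(addr, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in allowed)


def find_direct_rdp_logons(csv_text, allowed=JUMPOINT_NETS):
    """List successful RDP logons that did not originate from the Jumpoint."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP)
        if row["EventID"] != "4624" or row["LogonType"] != "10":
            continue
        if not is_from_jumpoint(row["IpAddress"], allowed):
            findings.append((row["TimeCreated"], row["Computer"],
                             row["TargetUserName"], row["IpAddress"]))
    return findings


if __name__ == "__main__":
    for finding in find_direct_rdp_logons(SAMPLE_CSV):
        print("RDP logon bypassing Jumpoint:", *finding)
```

Any finding means a host still accepts RDP from somewhere other than the broker, so its inbound firewall scope for RDP should be reviewed.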
RDP with Collaboration
One of the powerful features of BeyondTrust’s Remote Support solution is the ability to collaborate with other Service Desk technicians. With Remote Support’s RDP Integration, you can invite other Service Desk technicians to a support session, or even transfer a session to them. It’s a valuable, time-saving tool to have in your arsenal.
Once an RDP session is initiated through Remote Support, you also have the ability to transfer or share those sessions with other remote support technicians, even those running the Mac, Linux, Android, or iOS version of the Remote Support Technician Console. RDP, I’d like you to meet collaboration. This has been a long time coming.
Next Steps for Securing your RDP and Privileged Access
With BeyondTrust’s RDP Integration, it’s easy to provide details on who accessed what Windows machine, when it occurred, what they accessed, and how long they were connected while using RDP. Our solutions simplify your path to compliance by providing comprehensive audit trails, session forensics, and other rich reporting features.
For a deeper dive into the security risks of RDP and how to address them with privileged access management, check out the on-demand webinar RDP: Privileged Access’ Worst Enemy, with Nick Cavalancia of Techvangelism.
And, if you’d like to better understand how BeyondTrust can help you secure RDP as well as address other remote access and privileged access challenges, contact us today.