A client called wanting RDP (Remote Desktop Protocol) set up on their home computer so that they could connect to their office computer from home. This is a normal request, and the issues that followed are all too normal as well.
The first thing we make sure of is that the client has the proper security in place to set up remote connections effectively and securely. What we find all too often is that clients have RDP set up, or partly set up, without a firewall that supports a VPN connection. Worse, we find that a previous IT company or jack-of-all-trades tech set up RDP sessions without any proper security at all.
Finding insecure RDP sessions is no issue when using the correct tools. A popular website, Shodan.io, is perfect for easily finding vulnerable RDP sessions. Simply go to the mentioned site, type RDP in the search bar, and press Enter. If you would like to learn more, a good start is this video showing just how easy it is to use the site to find vulnerabilities. Taking it a step further, you can also type in your own website IP and see the listed open ports and vulnerabilities, but so can anyone else.
What makes RDP insecure without a VPN connection is that you are simply opening a port and allowing public traffic (open to bots and malicious actors) over that port. TCP port 3389 and UDP port 3389 are the default ports that RDP uses. These can be changed, and a tech may make that claim and say “Let’s just port forward.” Port forwarding still does not encrypt your traffic. That is what the VPN is used for.
A proper setup starts with a VPN connection for your office. We do this by installing a firewall that supports VPN. Once this is done, RDP doesn’t have to be opened to the WAN (public Internet) at all. The VPN allows your client (the machine you are using to connect) to connect to your office through a secure, encrypted tunnel. This means no devices in your office are left open to attack. Once you connect by signing into your VPN, only the device you are signed in on is allowed to access your office network. All of the traffic sent over the VPN tunnel is encrypted. That means even if your connection is being monitored, the traffic would only show that it is using a VPN, and nothing else would be decipherable.
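One way to confirm that RDP is only reachable through the VPN, as described above, is to review logon events on the office computer and flag any RDP logon whose source address is outside the VPN and office ranges. This is an added example, not part of the original post; the subnets and sample events are constructed, and it assumes Windows Security events 4624/4625 have been exported with their EventID, LogonType and IpAddress fields.

```python
import ipaddress
from collections import Counter

# Assumed ranges (hypothetical): the VPN address pool and the office LAN.
TRUSTED_NETS = [ipaddress.ip_network("10.8.0.0/24"),
                ipaddress.ip_network("192.168.1.0/24")]

# Windows Security log: 4624 = successful logon, 4625 = failed logon.
# LogonType 10 is RemoteInteractive (RDP). With Network Level Authentication,
# failed RDP attempts are commonly logged as type 3 (Network), which also
# covers other network logons, so treat type 3 failures as candidates.
RDP_EVENTS = {4624: {10}, 4625: {3, 10}}

def exposed_rdp_sources(events):
    """Count RDP logon events per (source address, outcome) outside TRUSTED_NETS."""
    hits = Counter()
    for ev in events:
        if ev["LogonType"] not in RDP_EVENTS.get(ev["EventID"], ()):
            continue
        try:
            ip = ipaddress.ip_address(ev["IpAddress"])
        except ValueError:
            continue  # "-" or empty: no network source was recorded
        if ip.is_loopback or any(ip in net for net in TRUSTED_NETS):
            continue  # arrived over the VPN or from inside the office
        outcome = "success" if ev["EventID"] == 4624 else "failure"
        hits[(str(ip), outcome)] += 1
    return hits

# Constructed sample events (documentation address ranges, not real hosts).
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "IpAddress": "10.8.0.14"},     # VPN client
    {"EventID": 4625, "LogonType": 3,  "IpAddress": "203.0.113.77"},  # WAN, failed
    {"EventID": 4625, "LogonType": 3,  "IpAddress": "203.0.113.77"},
    {"EventID": 4625, "LogonType": 10, "IpAddress": "198.51.100.9"},
    {"EventID": 4624, "LogonType": 10, "IpAddress": "198.51.100.9"},  # WAN, succeeded
    {"EventID": 4624, "LogonType": 2,  "IpAddress": "-"},             # console logon
    {"EventID": 4624, "LogonType": 3,  "IpAddress": "203.0.113.5"},   # not an RDP success
]

if __name__ == "__main__":
    for (ip, outcome), n in sorted(exposed_rdp_sources(SAMPLE_EVENTS).items()):
        print(f"{ip:15} {outcome:8} x{n}  <- RDP reached from outside the VPN")
```

Any address this reports means port 3389 (or a forwarded port mapped to it) is still open to the WAN; a successful logon in the list should be treated as a possible compromise.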
Our firewall solution also future-proofs your company for any later network-related upgrades. Anything you can do while in your office is available over the VPN connection, even printing to office printers if needed. At this point, I am sure most office workers and companies have heard the terms mentioned here, but it seems too many companies are waiting for a worst-case situation before they implement best practices. This normally comes down to the budget or time involved. I can surely say that the budget and time involved are minuscule when compared to the budget and time involved after the compromise of your business.
Give us a call today to talk about securing your network.