Channel Futures

From the Industry


Sponsor Content


RDP: It’s Putting You and Your Clients at Risk

July 20, 2018
Here are four high-level options for making your environment, and the environments you manage, more secure.

Originally released with Windows NT 4.0’s Terminal Services, the Remote Desktop Protocol (RDP) has been a staple in every IT pro’s arsenal of tools. Its ability to allow IT to be on any system and perform tasks as if they were local made it an instant hit.

But in recent years, as cyberattacks have increased, the many ways in which an attacker can take advantage of built-in tools and protocols have made RDP even more popular with the wrong crowd. Its ability to give an attacker direct access to a system, when mixed with insecure passwords and default settings, is a recipe for disaster. Attackers can disable endpoint protection, establish a foothold in the organization and more. Once this happens, no endpoint security solution can save you.

Those of you using publicly accessible RDP sessions to connect to clients are leaving their networks completely vulnerable to attack. A simple automated IP address port sweep will let attackers know when an RDP session is exposed and ready to be compromised. Tyler Moffitt, Senior Threat Analyst at Webroot, states, “It’s a simple case of not if, but when. If your RDP connection is publicly available to connect to, you will be targeted. The most successful way criminals will infect you with ransomware is through the unsecured RDP attack vector.”

A recent report on the state of bank security by security assessment company Positive Technologies found that half of all banks had left remote access and control interfaces (which include RDP) accessible from the Internet! While none of your clients may be banks, this shocking stat should raise concerns that even organizations we all would agree are targets for cyberattacks aren’t as secure as we think they are.

And, once the bad guys get in, RDP is even more useful.

In the most common cyberattack methods, the kill chain includes lateral movement: the attacker jumps from endpoint to endpoint in an attempt to eventually gain access to a system containing valuable data. The combination of easy system access via RDP and either compromised elevated credentials or insecure, commonly used passwords makes lateral movement an easy task.

In addition, some attackers leverage RDP even when remote logon isn’t permitted. Using an elevated account with “log on locally” permissions, the attacker first uses remote access to the \windows\system32 folder of a target endpoint to replace the Sticky Keys application (sethc.exe) with cmd.exe. An RDP session is then established, even if the compromised account the attacker has isn’t allowed to log on via RDP. Then a key is pressed repeatedly, invoking cmd.exe instead of Sticky Keys, giving the attacker elevated access to the command prompt on the target system. This is just one example. There are plenty more techniques and exploits that criminals have access to that enable them to leverage the RDP attack vector.
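A defender can check for the Sticky Keys replacement described above by comparing file hashes. The following is an added example, not code from the original article or from Webroot; the function names and the idea of sweeping several System32 folders in one call are assumptions made for illustration.

```python
import hashlib
import os
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_sticky_keys(system32):
    """Classify one System32 folder: 'replaced', 'ok' or 'missing'."""
    sethc = Path(system32) / "sethc.exe"
    shell = Path(system32) / "cmd.exe"
    if not sethc.is_file() or not shell.is_file():
        return "missing"      # worth a manual look: both files ship with Windows
    # Identical content means the Sticky Keys binary is a copy of the shell.
    return "replaced" if sha256_of(sethc) == sha256_of(shell) else "ok"

def sweep(folders):
    """Map each label (e.g. a hostname) to its result; `folders` is label -> path."""
    return {label: check_sticky_keys(path) for label, path in folders.items()}

if __name__ == "__main__":
    # Assumption: run locally on a Windows endpoint; SystemRoot is normally C:\Windows.
    local = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    print(sweep({"localhost": local}))
```

A result of "replaced" on any endpoint should be treated as a sign of compromise rather than a misconfiguration.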

So, what should you do about RDP to protect not only your clients, but your business, as well?

Here are four high-level options, each one making your environment, and the environments you manage, more secure:

1. Limit access: Consider changing the default port of TCP 3389 and using virtual networking, VLANs, etc. to limit access to critical systems via RDP.

2. Focus on the logon: Consider using multi-factor authentication as a way of thwarting any use of a remote session. Additionally, solutions that monitor logon activity can provide IT with additional visibility around inappropriate and unusual logon attempts. At the very least, designate a maximum number of logon attempts before lockout, so brute force tools can’t be leveraged.

3. Protect endpoints: Solutions designed to detect network anomalies, such as an RDP session attempt from another workstation (which probably never happens normally), can be used both to respond to the attempt (by killing the session) and to notify IT of it.

4. Use a paid encrypted solution: When RDP came out, we had little more than pcAnywhere and a few other products for remote sessions. Fast forward more than 20 years, and there are tons of alternative ways you can provide remote access. For critical systems where elevated accounts are used, consider Privileged Session Management–these solutions provide not only their own remote desktop session, but also obfuscate the account name and password used to access a system (keeping the elevated credentials protected, as well). For endpoints used by regular users, consider using a secure third-party remote session solution–such as VNC, TeamViewer, LogMeIn or ScreenConnect–to allow IT to continue to support its users with encrypted connections.
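The logon monitoring in option 2 and the workstation-to-workstation detection in option 3 can be sketched as detection logic over Windows Security logon events (4625 for a failed logon, 4624 with logon type 10 for a successful RDP session). This is an added example, not code from the original article or from any product it names; the sample events are constructed, and the approved-source list, threshold and window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624   # Windows Security event IDs
REMOTE_INTERACTIVE = 10                       # logon type recorded for RDP sessions
# Assumptions for this example: approved RDP sources and the alert threshold.
APPROVED_RDP_SOURCES = {"10.0.9.5"}           # hypothetical admin jump host
MAX_FAILURES, WINDOW = 5, timedelta(minutes=10)

# Constructed sample events (time, event id, logon type, source IP, user, target host).
SAMPLE_EVENTS = (
    [(f"2018-07-20T02:00:{s:02d}", 4625, 3, "203.0.113.7", "administrator", "SRV01")
     for s in range(0, 60, 10)]
    + [("2018-07-20T09:15:00", 4624, 10, "10.0.9.5", "it-admin", "SRV01"),
       ("2018-07-20T09:40:00", 4624, 10, "10.0.20.44", "jsmith", "WKS-017"),
       ("2018-07-20T09:41:00", 4624, 2, "-", "jsmith", "WKS-017")]
)

def detect(events):
    """Return alerts as (kind, source IP, target host, user) tuples."""
    alerts, recent, flagged = [], defaultdict(deque), set()
    for stamp, event_id, logon_type, src, user, host in sorted(events):
        when = datetime.fromisoformat(stamp)
        if event_id == FAILED_LOGON:
            # With NLA enabled, failed RDP logons are often logged as type 3,
            # so failures are counted per source and host whatever the type.
            window = recent[(src, host)]
            window.append(when)
            while when - window[0] > WINDOW:
                window.popleft()
            if len(window) >= MAX_FAILURES and (src, host) not in flagged:
                flagged.add((src, host))
                alerts.append(("repeated-failed-logons", src, host, user))
        elif event_id == SUCCESSFUL_LOGON and logon_type == REMOTE_INTERACTIVE:
            # Option 3: an RDP session from anywhere but an approved source is anomalous.
            if src not in APPROVED_RDP_SOURCES:
                alerts.append(("rdp-from-unapproved-source", src, host, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In practice the events would come from a Security log export or a SIEM query rather than an inline list, and the approved sources would be the jump hosts or management subnets IT actually uses.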

RDP: Ready to Ditch the Protocol?

With security threats at an all-time high, and so many other (and, quite frankly, better) remote desktop options out there, it’s time for MSPs to recognize the risk that comes with RDP. At minimum, look for ways to better secure the access to, and use of, RDP. And, if you can, leverage today’s advanced technologies to go beyond basic remote sessions and take control of your–and your clients’–security posture.  

To learn more about Webroot, and its entire suite of security solutions, click here.

This guest blog is part of a Channel Futures sponsorship.

 

 
