Skip to main content
Free Trial Buy Now

Is remote desktop protocol (RDP) secure?

Posted:
05/30/2023
| By:
Katarina Palacios

In today’s distributed, hybrid, and remote workforce, many businesses leverage Remote Desktop Protocol (RDP) to access external computers and servers. However, is RDP secure? 

RDP is one of the most popular methods of accessing remote computers, with many businesses relying on RDP servers daily. And while RDP is a convenient, effective, and secure protocol for many organizations, it’s essential to be mindful of certain security vulnerabilities. 

How secure is RDP? In an ideal world, using an RDP secure connection only allows authorized users to access confidential data and remote systems—however, just like any software, RDP is not without vulnerabilities that can be exploited by cybercriminals. In recent years, vulnerabilities—particularly with remote code execution—have allowed cybercriminals to gain unauthorized access to computers and servers. 

Keep reading to protect your organization and provide comprehensive knowledge on any potential security risks with RDP. 

The role of RDP

What is the role of Remote Desktop Protocol for businesses today? The most common reason that organizations leverage RDP is to enable users to “remote in” to a computer at another location. Through the use of remote desktop technology, a user can easily view the computer’s screen, control the cursor, and access files and software. 

For many IT teams, RDP is the most effective and convenient method for IT support technicians to identify problems, manage system resources, and verify device health and efficacy. By using RDP, technicians can remotely access computers and navigate challenges, provide training, and monitor overall device performance. 

Overall, the role of RDP is to provide secure, reliable, and effective remote access to desktops and servers via a network connection. This allows support technicians to work remotely and access the resources and data they need to accomplish their tasks. 

Where is RDP vulnerable?

RDP is vulnerable to several security threats—and like any digital tool or resource, vulnerabilities can arise when using RDP. However, with a multifaceted strategy and approach, many potential risks can be managed and mitigated, keeping your organization’s sensitive data and confidential information safe and secure. 

Despite the effectiveness and convenience of RDP for organizations, there are a few known attack vectors that IT professionals should remain aware of: 

  • Unrestricted port access: Most RDP connections have a default setting of using port 3389. Because of this open, external-facing port, cybercriminals can take advantage of this unrestricted port setting to gain unauthorized access to a server or desktop and launch a cyberattack. 
  • General vulnerabilities: From time to time, security flaws and vulnerabilities within the Microsoft RDP servers themselves can arise. In 2019, two major Microsoft vulnerabilities were discovered. It was subsequently addressed by patches released shortly after—keep reading to learn more about these two vulnerabilities. 
  • Brute-force credential attacks: Brute-force credential attacks occur when cybercriminals seek out weak user credentials. By hacking their credentials, cybercriminals can gain entry into systems and exploit certain vulnerabilities. 

In nearly all RDP-related attacks, these existing vulnerabilities serve as an entry point for cybercriminals to launch a broader-scale attack. By hacking into a computer or server through an RDP vulnerability, threat actors can exploit the organization through an attack: 

Ransomware/malware 

Cybercriminals can use RDP to gain access to an organization’s entire network. After the initial entry, threat actors can then explore the network, extract sensitive information, encrypt data, and deploy ransomware or malware. In a ransomware scenario, for example, a cybercriminal then extorts the victim by threatening to post confidential data publicly if the ransom is not paid. 

Distributed Denial-of-Service Attack 

Exploiting RDP vulnerabilities can also lead to a distributed denial-of-service (DDoS) attack. In this form of cyberattack, the actor’s goal is to send as much data as possible to a target server in order to overwhelm it and force it to shut down. DDoS cybercriminals may target RDP servers as they can quickly overwhelm the system, causing it to go offline. 

For both ransomware, malware, and DDoS attacks, IT professionals should take a number of steps to create robust security protocols and maintain best practices in order to mitigate and prevent cyberattacks. 

 RDP vulnerabilities

RDP vulnerabilities can be a common target for cybercriminals—and various versions of RDP releases over the past few years have contained vulnerabilities, leading to required patch updates.  

In recent years, two major issues allowed remote code execution and resulted in cyberattacks made possible through RDP:  

  • DejaBlue (CVE-2019-1181 & CVE-2019-1182): A 2019 RCE vulnerability discovered on Microsoft RDP servers impacted all versions of Windows 7 through 10. The exposure was connected to an integer overflow problem found with one of the RDP server’s base dynamic link libraries. 
  • BlueKeep (CVE-2019-0708): Another 2019 RCE vulnerability, BlueKeep affected systems running Windows 2000 to Windows 7 and Windows Server 2008 R2. The issue impacted the termdd.sys, or the Windows driver responsible for managing all RDP connections. In May 2019, Microsoft released a patch to fix the issue. 

Best practices to secure RDP

What are the best practices to secure your RDP? In an ideal world, using a remote desktop is a secure, seamless practice with positive results. However, in order to effectively mitigate and prevent the risk of cyberattacks, rogue sessions, or unauthorized access, IT professionals should always take a comprehensive approach to security and integrate other strategic measures to ensure security. 

To enhance overall RDP security and protect a remote workforce, keep these best practices in mind:

  • Determine proper access. When a company enables RDP on Windows, the program, by default, only allows access by the local or domain administrators. This prevents access to the standard user—but it can lead to an increased risk, since all administrators can gain control of RDP. Our recommended best practice is to follow the principle of least privilege and eliminate universal admin access in all scenarios. Instead, only grant access to standard users who need specific access to a particular system or server. Once they’ve completed the task and gathered the information needed, revoke access to improve overall security. Adding proper access management solutions to your RDP strategy can be useful as well here.
  • Monitor and log session activity. When a user leverages RDP to access a computer or server, session activity should be fully monitored to ensure no suspicious behavior or security breaches. In addition, IT professionals should set up logging systems that track login attempts, failed authentication attempts, and successful logins. 
  • Use Network Level Authentication (NLA). One security feature of RDP requires users to authenticate before a remote desktop session is established. When an organization has NLA enabled, users must authenticate with the network before they can initiate an RDP connection. This adds an additional layer of security and helps prevent attackers from exploiting vulnerabilities.  
  • Deactivate the “listening” RDP ports. RDP uses a default “listening” port which makes servers and computers visible to the public. With this open port for inbound connections, computers and servers are exposed to hackers or cybercriminals. Regardless of how strict an organization’s endpoint security is, leaving RDP public-facing is best to avoid. As an IT professional, ensure that your team members are not leaving the default port setting of TCP 3389. 
  • Use strong passwords. Because brute-force credential attacks are prevalent with RDP, organizations should take steps to use secure passwords on any accounts with access to Remote Desktop Protocol. 
  • Use multi-factor authentication. In addition to a secure password management protocol to mitigate the risk of brute-force credential attacks, organizations should leverage multi-factor authentication (MFA) to further boost security measures. 
  • Keep all software updated. As an IT professional, ensure that you are keeping all software actively updated and running the latest versions of software. Keep a close eye on any recent updates or patches.
  • Provide education. Educate your team on some of the RDP security best practices and collaborate to raise awareness. Remind team members that best practices for security include strong passwords, MFA authentication, and changing the default gateway. 

Solutions for secure RDP

Without a comprehensive cybersecurity strategy, simply using secure RDP can pose a significant risk to an organization’s security. However, there are a number of solutions for secure RDP that will boost security and efficiency. 

  • Endpoint Detection and Response (EDR) software: Using endpoint detection and response (EDR) software in tandem with RDP provides organizations with increased visibility. With EDR, detect and respond to potential threats in real-time—even if the cybercriminal manages to bypass other security measures.
  • Firewall Management Software: Implement and manage firewalls that restrict unauthorized access to RDP ports. By using a firewall, IT professionals can control which IP addresses can access RDP systems. This often reduces the potential for brute-force attacks or other unauthorized access attempts. 
  • Remote Desktop Manager: One of the most effective ways to mitigate and manage RDP is through a secure remote desktop manager. This centralized tool allows IT teams to manage RDP connections securely. 

ConnectWise ScreenConnect offers a flexible, secure solution that empowers organizations to connect securely and reliably to remote endpoints. By using ScreenConnect, technicians benefit from a reliable and direct connection to desktops and mobile devices, making it easy to resolve issues quickly and reduce customer downtime. 


Start your free 14-day demo of ScreenConnect today. Also, consider adding on ConnectWise Access Management in order to get further endpoint protection.

FAQs

No, it is not safe to allow multiple users to share RDP connections. Allowing multiple users to share RDP connections can heighten the risk of unauthorized access and potential security breaches. In addition, if one user’s account is compromised, the cybercriminal or attacker can then use that user’s RDP credentials to access the shared session. If possible, create individual RDP accounts for any users who need to gain access to certain servers or desktops. It’s also important to discourage any shared passwords or credentials through internal policies. 

Depending on the location and industry of your organization, you may need to navigate a particular set of compliance requirements. Because every business is different, start by understanding your industry’s unique compliance requirements and determine if any considerations should be made for RDP.  

Yes. By monitoring RDP traffic, organizations can improve network security by gaining visibility into suspicious activity or detecting rogue actors. By monitoring data, IT professionals can keep an eye out for failed login attempts, brute-force credential attacks, or unusual session activity. However, simply monitoring RDP traffic is not enough to ensure network security—this is why it is critical to implement a multi-pronged approach to cybersecurity.  

Using RDP on mobile devices can be secure, however, there are important considerations to keep in mind. The most important step is ensuring that strong authentication measures are put in place to prevent unauthorized access to RDP sessions, encrypted sessions, and access control. 

It is not safe to use RDP on unpatched operating systems. Because unpatched systems are vulnerable to known security vulnerabilities that can be exploited by cybercriminals, it is critical to only use RDP on operating systems with the latest patches and updates.

Yes, small businesses and startups should follow the standard RDP security best practices. This includes creating secure passwords, utilizing MFA authentication, monitoring session activity, and restricting user access. As the organization grows, regularly review and update these security measures to ensure continued protection.

No, RDP should not be used over public Wi-Fi networks as it poses a significant security risk. 

Many organizations use RDP for secure remote access; however, other options can include VPNs, remote access software, or web-based access.

Multi-factor authentication (MFA) should ideally be used with RDP for added security. By requiring users to provide additional authentication passwords, such as a one-time code, MFA can help prevent unauthorized access to RDP sessions. 

Yes, when you disable unused RDP ports, it will bolster overall network security. In doing so, it reduces the overall “attack surface” of your network and limits opportunities for attackers to gain access.