RDS + Open Port + Danger
In 2016, three healthcare organizations were the targets of a hack that stole 655,000 healthcare records and sold the information for hundreds of thousands of dollars. How did the hackers do it? An error in how the companies implemented remote desktop protocol.
Small to medium sized businesses are the prime targets for these types of data attacks, mainly because IT security isn’t as heavily guarded.
Could your company be the next victim?
The Demand for Safer Remote Desktop Connections
The growing need for remote workers is pushing companies to do whatever it takes to make working from anywhere a possibility – but that possibility could come at an unexpected price you’re not willing to pay.
The increasing buzz of working remotely has unveiled a variety of challenges that’s keeping IT professionals on their toes. Given the rapid advancements of mobile technology and remote capabilities, it’s easier than ever for employees to work as easily from home as it is from their desk. On the surface, it’s a win/win: workers are happier with a more flexible schedule and companies have a competitive edge to retain top talent.
But what some companies may not be prepared for is that the increased security risks of remote access could leave them more vulnerable to hackers – and it could cost them more than they’re gaining from the practice.
The Dangers of RDS and Open Ports
RDS (Remote Desktop Services) is a popular feature of Windows that enables users to connect to computers no matter where they are. This is a commonly used tool for remote workers who need to access certain applications on their work computer without having to travel to the office.
It’s a powerful feature, but it’s not without its risks.
RDS ports are easily discovered in scans. Think of an open port as the equivalent of putting a computer in a public place where anyone can try to access it. Once an intruder finds an open port, he or she is one step closer to securing access to your company’s network.
Without the right security measures in place, hackers can try hundreds of passwords before anyone notices. Once they gain access, they can install malware or other harmful components that you may be unable to detect, especially if they enter your network with administrative privileges.
If they’re able to enter the network as an admin, they can tamper with your Active Directory, disable any anti-malware software and database services, and run ransomware that can hold your system hostage until you pay up.
The Pitfalls of Traditional Security Measures
Traditionally, enabling RDS on a Windows computer opens TCP port 3389. This port allows the computer to accept incoming logins from remote users. You can change this port, but it’s unadvisable to allow any computer running Windows RDS to the internet.
To combat this security risk, many companies are turning to several common methods to secure RDS, but these are usually flawed and could increase your vulnerability.
We highlighted these methods and their drawbacks in an earlier blog post, but here’s a brief rundown:
- Opening a TCP port on your firewall would be the equivalent of placing a computer in a public place, only it’s worse because anyone on the internet can try to access it.
- Restricting access to only trusted IP addresses limits the worker’s ability to access from public places.
- Employing Microsoft RD Gateway and RD Web can expose Windows systems via log in pages. It also makes them vulnerable to denial of service attacks.
- Third-party integrations for MFA can be complicated and aren’t completely protected against compromise.
- Installing a VPN (Virtual Private Network) can be a complex process that requires multiple vendors and resources. It can also be subjected to denial of service attacks.
How to Prevent Would-Be Hackers from Accessing Remote Desktops
If you’ve ever been the victim of an infiltration, you already know how powerless you can feel. Even if you’ve poured resources into securing your company network, firewalls aren’t always enough to keep out intruders via a vulnerable remote connection.
There are a few measures you can take to create better remote connections:
Include Multi Factor Authentication
MFA, or two-step authentication, requires users to complete an additional step to access the company network. Typing in a username and password is considered a one-step authentication. MFA adds an additional layer of security by requesting information that only the real user should know.
This might take the form of sending a code via SMS text message, sending an email verification, or other step that only the user should be able to respond to.
Customize Remote Access
You should consider limiting what applications and data users are able to access remotely. You can set privileges per user so that in the event you do become hacked, you’re not putting your entire network at risk.
You can set a certain number of login attempts before the system locks out a user. This not only helps prevent brute force attacks, but can also raise the red flag that something isn’t right.
How TruGrid Protects Your Remote Connections
TruGrid’s security was designed to create the most secure remote connections possible using the above factors and more.
As the quickest way to secure RDS, TruGrid’s services combat the challenges and vulnerabilities of traditional methods. There’s no need for third party VPNs, Microsoft RD Web and RD Gateway, or other third-party integrations. TruGrid uses MFA and does not send passwords until MFA has been verified to eliminate password hacks.
In addition, TruGrid does not require your firewall ports to be open for Windows RDS systems. No one will know your RDS exists because it won’t be exposed directly to the internet.
TruGrid can be deployed at scale within 15 minutes. Whether you have twenty employees or two thousand employees, you’ll be able to provide secure remote access within minutes of installing TruGrid.
Want to see it in action? Start your free 30-day trial of TruGrid today – no credit card required.