How to effectively combat RDP attacks for secure remote access | SC Media

How to effectively combat RDP attacks for secure remote access

September 4, 2020
Attacks on RDP servers have tripled in the U.S. since March. Today’s columnist, Amit Bareket of Perimeter 81, offers some tips on how to better manage servers that run over the Microsoft protocol. (Photo by Smith Collection/Gado/Getty Images)
  1. Adopt a strong security policy. By enforcing companywide security policies such as updating credentials periodically, utilizing stronger passwords and logging IP access, companies can better prevent and detect threats, analyze network activity and offer remediation. With a strong security policy in hand, the team will have a more complete battle strategy against RDP attacks, ensuring the security of remote activities.
  2. Take a proactive approach. To prevent RDP exposure inside the organization, create a security policy to handle endpoints and ensure secure access. However, not every policy strategy works for every business. Instead, develop a proactive and customized approach. By creating policies geared for the organization’s endpoints and which limit the amount of RDP user access, security pros can effectively block ports from unauthorized internet access. With the right policies in place, the company’s servers will be more secure moving forward.
  3. Strive for full network visibility. Establish network visibility to accurately fight off potential RDP attacks. By monitoring who and what’s happening in the network, businesses can identify and analyze all remote desktop traffic entering the network. Segmenting access also makes visibility easier. By allowing access only to the resources users need to do their jobs, the IT and security teams get a full, 360-degree view of network activity. With complete visibility, constant monitoring and proper network segmentation, the company can decrease the likelihood of RDP attacks.
  4. Implement secure remote access with MFA. With the help of a secure remote access solution that integrates multi-factor authentication with RDP ports, the IT team can customize user access to each port per access-group -- instead of giving blanket access to everyone. By enforcing user authentication with every RDP login, security teams can decrease or block any brute force attacks on RDP from the get-go.
  5. Enforce user restrictions with the privileged access model. Many remote access solutions like VPNs offer a limited protocol-level classification for user access and thus create the challenge of unfiltered traffic. Implementing strong user restrictions with a privileged access model lets IT teams limit who has secure access to resources, applications and corporate data. In restricting access to remote desktops, security teams can effectively prevent any unauthorized and malicious attackers that have accessed a remote desktop from fully breaching the network.
prestitial ad