While the COVID-19 worldwide situation is still unfolding and the number of cases is increasing daily, quarantine times are being extended for the foreseeable future until a cure or an effective vaccine is researched and widely available. It’s because of this that remote working has become a necessity for businesses to survive. Many small companies with limited resources are struggling to find a way to enable their workers to continue with their jobs.
A solution often adopted in such situations is to provide access to “Remote Desktop Services”. Remote Desktop gives employees network access over the internet. But this solution might not be the most suitable one, and it presents several risks that businesses need to evaluate and mitigate.
What is Remote Desktop?
The “Remote Desktop Protocol” (known as RDP) allows remote access to a computer's desktop by providing the right credentials (username and password). Remote Desktop comes built into most versions of Microsoft Windows, making it a perfect candidate for ease of deployment. When used within a private network it is a very convenient tool; however, once it is open to public access from the internet, it is not secure enough.
Thanks to the wide access to the computer it provides, RDP is used by cybercriminals to launch attacks. Recent statistics show that RDP is the most dominant attack vector, being used in up to 63% of disclosed targeted ransomware campaigns in Q1 2019.
Cybercriminals know about you
Cybercriminals are aware of the valuable information that companies need to make available for their remote workers. To leverage this data, they have developed a wide array of tools to continuously look for remote access points on the internet. Such services are available online; they are designed to map assets on the internet and can also discover potentially vulnerable targets.
For example, through a quick use of such tools, we found that in the recent days of COVID-19 there were fewer than one hundred (100) open RDP access points in Malta. After the lockdown came into effect, the number steadily increased to reach nearly four hundred (400) three weeks later.
These tools easily allow cybercriminals to gather a basic understanding of the currently exposed systems, their vulnerabilities, other services and the potential usefulness of the data they can contain.
Not only can they access sensitive information should they hijack the login information, they can also deploy ransomware or use the exposed server as part of a wider botnet. There are also several widely documented vulnerabilities that allow targeted outdated systems to be used remotely for DDoS attacks, or that simply make the servers unavailable for remote access.
Buying and selling “Remote Desktop” credentials is also a common practice in criminal markets such as xDedic[2], as reported by Kaspersky[3].
Securing remote work
Under the current exceptional circumstances, companies must provide continuity to their remote workers without exposing their valuable data and risking their assets.
Fortunately, there are several options that can help mitigate the risks of an open RDP:
Virtual Private Network
A Virtual Private Network (VPN) creates a securely encrypted
connection between internally protected servers and outside clients. This
allows for a number of services to be available to remote workers without
exposing the internal computers to the risk of being hacked.
Most enterprise level firewalls offer a decent level of VPN
encryption and deployment options. Some of these devices will require additional
licensing to provide the service or provide a limited number of unlicensed
connections.
It’s important to note that VPN traffic puts a tax on the
amount of traffic the firewall will be able to cope with; this is usually a
physical limitation of the amount of processing power available to the device.
RDS Gateway
Windows Server includes the “Remote Desktop Gateway”. This service provides a secured HTTPS gateway that creates an internal tunneled connection to the Remote Desktop server.
Signed and validated certificates are recommended to deploy
this solution, since they will provide the encryption and security.
This solution allows companies to easily leverage the spare processing power in their virtualised environments (creating a new VM to use just as a gateway), although it will require adequate Windows licensing. It’s the quickest to deploy and the easiest way to provide access for remote users, as the only requirement for this to work is to have access to a web browser in order to provide the credentials.
Multifactor Authentication
Although not a mandatory option and not to be considered
while the remote desktop is publicly available, Multifactor Authentication will
substantially improve the security of any publicly available service.
Overlaid on top of the two previous solutions, it is
strongly advised to provide multifactor authentication when available.
There are several standard technologies that can be used to gain MFA options, like Azure Active Directory. Office or Microsoft 365 subscriptions can also integrate with your RDS Gateway or VPN solutions to allow MFA. RSA keys or Duo are also good options.
What to do next if you use Remote Desktop
The above may sound too complex or technical for many small and medium businesses. At BMIT Technologies we can help you figure out if you have the right set-up in place, and if not, suggest ways how you can address it.
We provide several options to both allow your employees remote access to your servers and applications while keeping your business and data secured and reliable.
Reach out to us.