Javier Nevado

Apr 01, 2020

Do you use Remote Desktop for telework? Think again.

While the COVID-19 worldwide situation is still unfolding and the number of cases is increasing daily, quarantine times are being extended for the foreseeable future until a cure or an effective vaccine is researched and widely available. It’s because of this that remote working has become a necessity for businesses to survive. Many small companies with limited resources are struggling to find a way to enable their workers to continue with their jobs.

A solution often adopted in such situations is to provide access to “Remote Desktop Services”. Remote Desktop facilitates network access for employees over the internet. But this solution might not be the most adequate, and it presents several risks that businesses need to evaluate and mitigate.

What is Remote Desktop?

The “Remote Desktop Protocol” (known as RDP) allows remote access to a computer's desktop by providing the right credentials (username and password). Remote Desktop comes built in to most versions of Microsoft Windows, making it a perfect candidate for ease of deployment. When used within a private network, it is a very convenient tool; however, once opened to public access from the internet, it is not secure enough.

Thanks to the wide access to the computer it provides, RDP is used by cybercriminals to launch attacks. Recent statistics show that RDP is the most dominant attack vector, being used in up to 63% of disclosed targeted ransomware campaigns in Q1 2019.
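To see whether a given Windows host is in the situation described above (Remote Desktop enabled and reachable from any source address), an administrator can audit its own configuration. The following PowerShell is an added example, not part of the original article; it assumes an elevated session on the host being checked and uses only the built-in registry provider and NetSecurity cmdlets.

```powershell
# Added example: audit this host's own RDP exposure (run elevated, locally).
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# The listener port is configurable; 3389 is only the default.
$rdpPort = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

# Enabled inbound Allow rules that name the RDP port explicitly.
# Limitation: rules written as port ranges or with LocalPort "Any" are not evaluated.
$report = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains "$rdpPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        # RemoteAddress "Any" means the rule does not restrict who may connect.
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $remote -join ','
            OpenToAny     = $remote -contains 'Any'
        }
    }

"RDP enabled: $rdpEnabled (listening port $rdpPort)"
$report | Sort-Object OpenToAny -Descending | Format-Table -AutoSize

if ($rdpEnabled -and ($report | Where-Object OpenToAny)) {
    Write-Warning 'RDP is enabled and at least one firewall rule allows it from any address.'
}
```

This inspects only the host firewall; whether the port is actually reachable from the internet also depends on the perimeter firewall or router forwarding rules, which need to be reviewed separately.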

Cybercriminals know about you

Cybercriminals are aware of the valuable information that companies need to make available for their remote workers. To leverage this data, they have developed a wide array of tools to continuously look for remote access points on the internet. Such services are available online; they are designed to map assets on the internet and can also discover potentially vulnerable targets.

For example, through a quick use of such tools, we found that in the recent days of COVID-19 there were fewer than one hundred (100) open RDP access points in Malta. After the lockdown came into effect, the number steadily increased, reaching nearly four hundred (400) three weeks later.

These tools easily allow cybercriminals to gather a basic understanding of the currently exposed systems, their vulnerabilities, other services and the potential usefulness of the data they can contain.

Not only can they access sensitive information should they hijack the login information, they can also deploy ransomware or use the exposed server as part of a wider botnet. There are also several widely documented vulnerabilities that allow targeted outdated systems to be remotely used for DDoS attacks, or simply make the servers unavailable for remote access.

Buying and selling “Remote Desktop” credentials is also a common practice in criminal markets such as xDedic[2], as reported by Kaspersky[3].

Securing remote work

Under the current exceptional circumstances, companies must provide continuity to their remote workers without exposing their valuable data and risking their assets.

Fortunately, there are several options that can help prevent the risks of an exposed, open RDP service:

Virtual Private Network

A Virtual Private Network (VPN) creates a securely encrypted connection between internally protected servers and outside clients. This allows for a number of services to be available to remote workers without exposing the internal computers to the risk of being hacked.

Most enterprise-level firewalls offer a decent level of VPN encryption and deployment options. Some of these devices will require additional licensing to provide the service or provide a limited number of unlicensed connections.

It’s important to note that VPN traffic puts a tax on the amount of traffic the firewall will be able to cope with; this is usually a physical limitation of the amount of processing power available to the device.

RDS Gateway

Windows Server includes the “Remote Desktop Gateway”. This service provides a secured HTTPS gateway that creates an internal tunneled connection to the Remote Desktop server.

Signed and validated certificates are recommended to deploy this solution, since they will provide the encryption and security.

This solution allows companies to easily leverage the spare processing power in their virtualised environments (creating a new VM to use just as a gateway), although it will require adequate Windows licensing. It’s the quickest to deploy and the easiest way to provide access for remote users, as the only requirement for this to work is to have access to a web browser in order to provide the credentials.

Multifactor Authentication

Although not a mandatory option, and not one to be considered while the remote desktop is publicly available, Multifactor Authentication will substantially improve the security of any publicly available service.

Overlaid on top of the two previous solutions, it is strongly advised to provide multifactor authentication when available.

There are several standard technologies that can be used to provide MFA: Azure Active Directory, Office or Microsoft 365 subscriptions can integrate with your RDS Gateway or VPN solutions to allow MFA. RSA keys or Duo are also good options.

What to do next if you use Remote Desktop

The above may sound too complex or technical for many small and medium businesses. At BMIT Technologies we can help you figure out if you have the right set-up in place, and if not, suggest ways to address it.

We provide several options to both allow your employees remote access to your servers and applications while keeping your business and data secured and reliable.

Reach out to us.