With telecommuting and remote work on the rise as a result of the COVID-19 pandemic, Remote Desktop Protocol (RDP) usage has drastically increased. RDP allows end-users to connect to organizational systems remotely, ultimately increasing productivity and reducing the need to purchase additional hardware to support those who may work both in the office and at home. While the benefits are plenty, the increased usage has also resulted in an increase in the number of targeted attacks to poorly secured network protocols and services. To combat commonly exploited protocols, the Center for Internet Security, Inc. (CIS) has released guidance to help organizations mitigate these risks to protect and defend against the most pervasive cyber threats faced today that can be exploited through RDP.
CIS’s guide, Exploited Protocols: Remote Desktop Protocol, leverages best practices from the CIS Controls and secure configuration recommendations from the CIS Benchmarks to help organizations secure their RDP from attacks. Each section provides a high-level overview of the direct mitigation for securing RDP, followed by applicable CIS Controls and CIS Benchmarks. The CIS Controls include, and are ordered by their respective mapping to the NIST Cybersecurity Framework (NIST CSF).
“Remote environments have always been a desired target for attackers to conduct a cyberattack, and COVID-19 has increased that attack surface,” said Curtis Dukes, CIS Executive Vice President & General Manager, Security Best Practices. “The purpose of the CIS guide is to provide an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack.”
Exploited Protocols: Remote Desktop Protocol addresses basic cyber hygiene and is intended to assist organizations that would like to start using RDP, or those already implementing it, secure their systems via a few low-cost, or no-cost mitigations. These are just a few of the most important recommendations for any organization using RDP:
- Place RDP-enabled systems behind a Remote Desktop Gateway (RDG) or virtual private network (VPN)
- Update and patch software that uses RDP
- Limit access to RDP by internet protocol (IP) and port
- Use complex, unique passwords for RDP-enabled accounts
- Implement a session lockout for RDP-enabled accounts
- Disconnect idle RDP sessions
- Secure Remote Desktop Session host
RDP-based attacks can flourish not because their targets lack the most expensive software or applications, but rather because they lack basic cyber hygiene. The CIS Controls and CIS Benchmarks included in Exploited Protocols: Remote Desktop Protocol can help organizations effectively strengthen their basic cyber hygiene, and help protect against RDP-based attacks.