Saturday, December 5, 2015

How Secure is Remote Desktop Protocol

I think almost all of us have used Remote Desktop Protocol, or RDP, at some point in our lives. It is a proprietary protocol developed by Microsoft that enables connections between hosts over the internet through a graphical user interface. If you want to connect to remote hosts and work on them, it is one of the most commonly used protocols. But, as we already know, data transferred over the internet is insecure by default, so the security of Remote Desktop Protocol deserves a closer look.

How secure is Remote Desktop Protocol?

A little bit of research reveals that, normally, Remote Desktop Protocol or RDP is not very secure.

Normally, Remote Desktop Protocol uses native RDP encryption to transfer data between connected hosts. But this encryption is not very strong. As a result, RDP with native RDP encryption is vulnerable to attacks such as Man-in-the-Middle (MITM).

RDP is also vulnerable to Denial of Service (DoS) attacks. Originally, opening an RDP session brings up the login screen of the server. If an attacker abuses that and opens a large number of RDP sessions, it may lead to DoS.

RDP sessions are also susceptible to in-memory harvesting of user credentials, which can lead to Pass-the-Hash attacks.

How can Remote Desktop Protocol be made secure?

From RDP 6.0 onwards, Microsoft has introduced Network Level Authentication (NLA). It establishes a secure connection between the hosts before any data transfer is made. With NLA, user authentication is required before a full Remote Desktop connection is established, and until then fewer server resources are used. This helps mitigate Denial of Service (DoS) attacks. It also establishes an SSL/TLS connection and transfers data in a secure, encrypted format.

In the RDP settings, one has to select Network Level Authentication to get this advantage.
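
To confirm that a server really negotiates Network Level Authentication rather than native RDP encryption, one can look at the server's first reply in a packet capture. The following is an added example, not part of the original post: it parses the X.224 Connection Confirm as laid out in Microsoft's MS-RDPBCGR specification, and the function names and sample bytes are constructed for illustration.

```python
import struct

# selectedProtocol in RDP_NEG_RSP -> (name, uses TLS, uses NLA/CredSSP)
SELECTED = {
    0x0: ("PROTOCOL_RDP", False, False),      # native RDP encryption
    0x1: ("PROTOCOL_SSL", True, False),       # TLS only, no NLA
    0x2: ("PROTOCOL_HYBRID", True, True),     # TLS + CredSSP (NLA)
    0x8: ("PROTOCOL_HYBRID_EX", True, True),  # NLA variant
}
# failureCode values in RDP_NEG_FAILURE that mean the server insists on NLA
NLA_REQUIRED = {0x5: "HYBRID_REQUIRED_BY_SERVER",
                0x6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def classify_connection_confirm(pdu: bytes) -> dict:
    """Report the security protocol a server chose in its X.224 Connection Confirm."""
    if len(pdu) < 11 or pdu[0] != 0x03:
        raise ValueError("not a TPKT-framed PDU")
    if struct.unpack(">H", pdu[2:4])[0] != len(pdu):
        raise ValueError("TPKT length does not match the captured bytes")
    if pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]  # 4-byte TPKT header and 7-byte X.224 header precede it
    if not neg:  # no negotiation data: native RDP security is in use
        return {"protocol": "PROTOCOL_RDP", "tls": False, "nla": False}
    if len(neg) != 8:
        raise ValueError("malformed negotiation structure")
    neg_type, _flags, _length, value = struct.unpack("<BBHI", neg)
    if neg_type == 0x02:  # RDP_NEG_RSP: server accepted one offered protocol
        if value not in SELECTED:
            raise ValueError(f"unrecognised selectedProtocol 0x{value:X}")
        name, tls, nla = SELECTED[value]
        return {"protocol": name, "tls": tls, "nla": nla}
    if neg_type == 0x03:  # RDP_NEG_FAILURE: here "nla" means the server demands it
        reason = NLA_REQUIRED.get(value, f"failureCode 0x{value:X}")
        return {"protocol": None, "tls": None, "nla": value in NLA_REQUIRED,
                "failure": reason}
    raise ValueError(f"unknown negotiation type 0x{neg_type:02X}")

def _sample(neg: bytes) -> bytes:
    """Build a constructed Connection Confirm around a negotiation block."""
    x224 = bytes([6 + len(neg), 0xD0, 0, 0, 0x12, 0x34, 0])
    return b"\x03\x00" + struct.pack(">H", 4 + len(x224) + len(neg)) + x224 + neg

# Constructed sample replies (not captured from any real host)
SAMPLES = {"nla-server": _sample(bytes.fromhex("0200080002000000")),
           "native-only": _sample(bytes.fromhex("0200080000000000")),
           "nla-enforced": _sample(bytes.fromhex("0300080005000000"))}

if __name__ == "__main__":
    for label, pdu in SAMPLES.items():
        print(label, classify_connection_confirm(pdu))
```

A reply classified as `PROTOCOL_RDP` means the session falls back to the native RDP encryption described earlier, which is the case to fix by enabling NLA on the server.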

So, be informed about the security issues of the software you use and take proper steps for mitigation. And stay safe, stay secure.

1 comment:

  1. How about first going through a VPN and getting a local IP and then RDP to the target computer?