Here’s What Remote Workers Should Know About RDP Security

Remote desktop protocol has been around since Microsoft created it in the ’90s, but has security for the data-sharing protocol stayed in the past?
We may receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Remote desktop protocol (RDP) is a way of remotely accessing a computer or server without being in the same physical location as the machine in question. Let’s say a remote worker on a three-month stint in southern Italy needs to use the office computer — that’s where an RDP connection comes into play.

Unfortunately, due to the open nature of RDP, it’s a gold mine for hackers and cyber thieves. But how exactly does it work? And how can you keep yourself from being hacked?

By understanding the security risks and practicing good internet hygiene, you should be able to use this valuable tool without becoming a victim. Here’s what to know.

In this article
What is RDP?
Common RDP vulnerabilities
How to secure your RDP ports
Alternatives to RDP
FAQs about RDP security
Bottom line

What is RDP?

RDP is a Microsoft-developed protocol for network communications on Windows.

RDP gives workers access to their physical computers even if they’re halfway across the world. It also allows administrators or IT teams the ability to remotely check on a machine. This could be for either maintenance, upgrades, security updates, or anything else they may want to do on the computer.

Essentially, it allows you to use a computer or server in one location while you’re in another. This became especially important during the pandemic.

When workers and students went remote in 2020, the use of RDP jumped 41% in the first few weeks of March alone.[1] Teachers could access their school servers with all their lesson plans and notes. Workers were able to pull up their files without the use of file share sites such as Dropbox.

It’s an extremely useful tool that also has the potential to be misused by cybercriminals if you don’t properly secure your device.

How does RDP work?

RDP is a fairly complicated protocol that results in the ability to share data between machines. Let’s look at it as if you were a remote worker wanting to access the company database in a remote desktop session. Essentially, we can break RDP functionality down like this:

  1. You, the remote person, make a request from your workstation to the physical Windows server at the company.
  2. The server looks at the machine where you’re making a request to check out the settings and exchange settings data.
  3. The server accepts your request and connects you.
  4. Your machine checks the security on the company server to make sure it’s safe.
  5. Your machine sends your security info so the server knows you’re safe.
  6. The server sends back licensing data letting your computer know it has permission to access it.
  7. Your machine checks if the server can handle your request.
  8. The server returns that check with its information to make sure the request is compatible.
  9. Each machine finalizes the connection.
  10. You can now exchange data.

Although this is a lengthy read, the entire process takes as long as a sip of coffee to complete. You can then use the channels created with this remote access to share data back and forth.

Should you use RDP?

You may not have a choice. RDP is a preferred method of connection for many businesses, especially if the information requires more security.

Although some companies are able to use services such as Google Docs to share workloads, some may work with more sensitive information. In that case, RDP is a secure line between the remote computer and the physical machines that doesn’t involve a third party like Google.

RDP is as safe as any other connected activity like surfing the internet or torrenting. Because it’s a form of connecting to another device, there are always risks. That’s why you should be using complex passwords, a strong and secure antivirus, and a virtual private network (VPN).

Common RDP vulnerabilities

Most RDP vulnerabilities are based on human error. Poor password health and unrestricted access are some of the most common ways hackers get in through RDP ports. In fact, there’s software built just to scan the internet for open RDP ports.

Once a cybercriminal finds a vulnerability, they can brute force their way into the machines. RDP ports are currently responsible for the majority of cyber attacks. But what do these hackers want once they’re in? Well, they can perform a number of deceitful operations when they’ve taken over.

These include but are definitely not limited to the following:

Basically, once the threat actor has access to your machine, they have control and can do what they like.

How to secure your RDP ports

Secure remote access is an absolute must if you’re going to be using RDP. Remember, once an RDP connection is made, the hacker could gain complete control over the machine. Luckily, there are several manual and automatic ways to secure RDP ports and prevent hackers from connecting.

Restrict access

When the system administrator is setting up profiles, make sure only the people who need access to certain areas have access to those areas.

Not everyone has to have access to HR files, accounting information, etc. This reduces the risk of unauthorized access of remote desktop services during an RDP session.

Restrict login attempts

Brute force attacks happen when there are no secondary security measures in place. Restrict login attempts to three to five maximum. After that, lock access for physical and remote users. This helps prevent an attacker from endlessly trying to guess credentials.

Use authentication

In addition to restricting login attempts, make sure two-factor authentication (2FA) is enabled. You can even go as far as to insist on multi-factor authentication, which will include more than one additional method of authentication.

For extremely sensitive data, network-level authentication can assist in keeping out hackers as well as employees who don’t need certain clearances. This will not only secure access but also serve as an alert system to potentially unwanted activity.

Use an RDP monitor

RDP monitoring tools allow you to set up alerts, see who’s accessing your system, create reports on attempted RDP sessions, close ports, whitelist users, and even give you a kill switch option to shut down everything if you suspect suspicious activity.

Close RDP ports

If RDP isn’t being used, don’t leave it open. Making sure ports are closed at the end of each session stops those ports from being picked up during an open port scan.

Use a VPN

Using a VPN to encrypt the data being transmitted can help keep your connection secure. Although one of the best VPNs should be an addition to your RDP security measures, it shouldn’t be the only security measure you have in place.

Additional RDP security measures

  • Make sure all software is up to date
  • Use the best cybersecurity software
  • Use strong passwords
  • Limit the number of third-party vendors with access
  • Stay off public internet as much as possible

Alternatives to RDP

RDP is a useful feature that became essential in 2020. Because it’s riddled with security issues, you may feel more comfortable using a different type of remote protocol. There are definitely alternatives available.

Secure Shell (SSH)

SSH is a secure protocol that provides authentication, encryption, and data integrity protection when making a connection.

Although creating the connection from a remote computer to a company server that we explored earlier, SSH encrypts the data exchanges and then authenticates them.

What this means is the data is hidden as it’s being exchanged. After the connection is made, both you and the server you’re accessing are checked to make sure it’s really you and that’s really the server.

Virtual Network Computing (VNC)

VNC is an oldie. Originally developed in 1990 as an open-source research project, it’s considered a little bit slower and less secure than other remote options.

Although there are several different types of VNC connections, if you’re looking for more speed and safety you’ll probably want to choose a different option.

File Transfer Protocol (FTP)

FTP is made for transferring files from one machine to another. Whereas RDP allows you to remotely access another machine, even using it like you would if you were there, you’ll use FTP to transfer files. Because you can use an FTP configuration with a firewall, there’s more security than an open RDP port.

Chrome Remote Desktop (CRD)

C’mon, you knew Google was going to have skin in the game. If it’s tech, Google is going to create its own product. CRD works with Chrome OS or a Chrome browser. Because you have the power of Google behind it, it has the added benefits of Google’s secure connections.

Although they’re typically more secure than their PC counterparts, Chromebooks still need a good antivirus.

FAQs about RDP security


+

Is RDP more secure than a VPN?

No, RDP is more susceptible to threats than a VPN even though both are encrypted tunnels for funneling data.


+

Can RDP be hacked?

Yes, RDP hacking has increased significantly since 2020. Improperly secured RDP connections are the most likely way an attacker can gain access to a machine via RDP.


+

Can ransomware spread through RDP?

Yes, one of the main reasons for hacking an RDP connection is to install ransomware on the host computer or server — or to use the hacked device to install ransomware on another victim.


+

What’s safer than RDP?

Because of encryption and authentication practices, Secure Shell (SSH) is usually considered safer than using an RDP connection.

Bottom line

RDP connections are useful ways to work remotely. Before 2020, these protocols were mostly used for admins and techs who wanted to check on a machine without having to go to its location.

As our world continues to gravitate toward remote work, finding safe ways to connect will need to be a top priority. RDP connections don’t need to be retired, just secured.

Making sure you follow safety best practices, such as using a good VPN and secure antivirus, helps ensure you can continue to enjoy secure connections from anywhere. (If you decide to spend three months working remotely from Fiji though, let us know — you may have a new travel companion.)

4.9
Limited-time offer: 69% off + 3 extra months
Learn More
On NordVPN's website

NordVPN
  • High-quality VPN offering safety and speed
  • Loads of servers for multiple connection options
  • Works with popular streaming services, including Netflix
  • Too many confusing plans

Author Details
Mary lives in Los Angeles and has been a cybersecurity writer for over five years. With a B.S. in Liberal Arts from Clarion University and an M.F.A. in Creative Writing from Point Park University in Pittsburgh, her career in online security began in sales and content creation for a private cybersecurity firm.

Citations

[1] RDP and VPN Use Skyrocketed Since Coronavirus Onset