A study by Rapid7 identified 500,000 RDP endpoints without any decent security measures. Another 3.5 million RDS endpoints were using higher security standards, but are still at risk. Adopting Awingu on top of RDP will significantly reduce the risk and exposure.
RDP, or the ‘Remote Desktop Protocol’, is one of the solutions most widely adopted by IT departments worldwide. It enables users to remotely access a desktop or application. The protocol has existed since the 90s, but from a security perspective it has also proved to be a roller coaster ride. As “jhart” writes in his blog on Rapid7.com: “Since at least 2002 there have been 20 Microsoft security updates specifically related to RDP and at least 24 separate CVEs”.
Rapid7 analyzed the usage of RDP worldwide, and their recent (July 2017) Sonar study produced interesting results. It suggests there are 11 million open 3389/TCP endpoints, of which “4.1 million responded in such a way that they were RDP speaking of some manner or another.” The RDP endpoints identified by the Sonar study were not applying any of the basic firewall rules or ACLs for protection.
Mapped per country, the distribution of the 4.1 million RDP endpoints is as follows:
The study also looked into the providers of these exposed RDP endpoints. Not coincidentally, large hosting/cloud providers came up high on the list.
Of the 4.1 million exposed RDP endpoints, roughly 85% used ‘more than standard’ security protocols: CredSSP and/or SSL/TLS. That’s a good thing. The other 15% (that’s 500,000 RDP endpoints) depended on standard RDP security only. They are disasters waiting to happen…
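To see which group one of your own hosts falls into, you can classify the security layer it selects in its X.224 Connection Confirm reply. The sketch below is an added example, not code from Rapid7 or Awingu; the function names and sample byte strings are constructed for illustration, and it assumes the client offered both TLS and CredSSP in its connection request.

```python
import struct

# selectedProtocol values from MS-RDPBCGR (RDP Negotiation Response)
PROTOCOLS = {
    0x0: "standard RDP security",
    0x1: "TLS",
    0x2: "CredSSP (NLA)",
    0x4: "RDSTLS",
    0x8: "CredSSP with Early User Authorization",
}
TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x02, 0x03


def classify_rdp_response(data: bytes) -> str:
    """Classify the security layer in a server's X.224 Connection Confirm."""
    if len(data) < 11:
        raise ValueError("too short for TPKT + X.224 Connection Confirm")
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("not a well-formed TPKT packet")
    if data[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = data[11:]  # optional negotiation structure after the 7-byte X.224 header
    if not neg:
        # Servers predating protocol negotiation send no structure at all.
        return PROTOCOLS[0x0]
    if len(neg) != 8 or struct.unpack("<H", neg[2:4])[0] != 8:
        raise ValueError("malformed negotiation structure")
    neg_type, _flags, _length, value = struct.unpack("<BBHI", neg)
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return f"negotiation failure (code {value})"
    if neg_type != TYPE_RDP_NEG_RSP:
        raise ValueError("unknown negotiation type")
    return PROTOCOLS.get(value, f"unknown protocol 0x{value:x}")


def needs_attention(data: bytes) -> bool:
    """True when the endpoint falls in the 'standard RDP security only' group."""
    return classify_rdp_response(data) == PROTOCOLS[0x0]


# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "legacy": bytes.fromhex("0300000b06d00000123400"),
    "rdp": bytes.fromhex("030000130ed000001234000200080000000000"),
    "tls": bytes.fromhex("030000130ed000001234000200080001000000"),
    "nla": bytes.fromhex("030000130ed000001234000200080002000000"),
}
```

A host for which `needs_attention` returns true is in the 15% group described above and should be moved to TLS or CredSSP, or taken off the public internet.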
Securing RDP is hard. Numerous best practices can be found on the web, sometimes a little outdated, but still highly relevant. In recent RDP versions, Microsoft put great effort into drastically improving security, not only by extending security options but even more by providing more sensible configuration defaults. Therefore, where possible, upgrading to the latest RDP version (and thus Windows version) is always a good start. That being said, as pointed out in the “Securing Remote Desktop for System Administrators” best-practices guide from Berkeley, having additional security on top is advised, especially when exposing RDP on the public internet in some way.
As “jhart” indicates in his blog post, one of the main reasons for the wide adoption of RDP is the undeniable convenience it provides. People want to get their job done. Hence, additional security should not get in the user’s way and detract from the convenience RDP provides. This is one of the primary reasons why proper firewall rules or ACLs restricting RDP access are lacking in the first place.
Where typical solutions such as a VPN are costly and complex (for both user and administrator), Awingu can offer a very simple solution and will maximize security.
With Awingu, access to the desktop or application runs via a browser and no longer via an RDP client, meaning that people with bad intentions will not be able to leverage weaknesses of the RDP protocol. To increase the security of the browser-based access, Awingu will enable:
- Multi-Factor Authentication: Awingu comes out of the box with support for numerous “Multi-Factor Authentication” (MFA) options. Leveraging MFA would prevent any ‘brute force’ attack from taking place.
- Throttle login attempts: Even if MFA is not adopted, Awingu will automatically throttle login attempts so that brute force would not be successful either.
- Hassle-free SSL: Use your own certificates or enable SSL with a single click using the built-in Let’s Encrypt integration.
- Extended auditing and Anomaly Detection: You can keep using your existing RDP logging tools. Awingu provides you with additional audit information and insights using anomaly detection.
- No direct access to shared drives:
Read all about Awingu’s security & compliance enable features here.
By: Kurt Bonne (CTO Awingu)
Sources: