Hacked via Remote Desktop Protocol (RDP)? It can happen! Brian Krebs’ post shows that there is an underground market for valid remote desktop connections that can be purchased for use by cybercriminals for a wide variety of nefarious purposes. Out of necessity I once published RDP to a Windows server using Forefront TMG 2010 for a short time. I was amazed at how many connection attempts were made! Obviously there are bots that scan the Internet incessantly looking for open RDP ports, and when they find one, they try common username and password combinations in an attempt to successfully authenticate. No doubt my IP address was recorded in a database in spite of the fact that a login was not successful. It is possible that a vulnerability in RDP with remote execution might be found in the future, at which point I’m certain they would return in an attempt to leverage the vulnerability to gain access to my system. In this case the connection was only required temporarily, and I don’t make it a practice to expose RDP directly to the public Internet.
Protecting yourself from these types of attack is simple using established security best practices. DO NOT expose RDP directly to an untrusted network. Access to remote desktop solutions (Microsoft RDP, VNC, etc.) should be performed only via a secure channel such as VPN or Remote Desktop Gateway. Authentication best practices should be followed closely, including the enforcement of long, complex passwords and ideally multi-factor authentication like Windows Azure Multi-Factor Authentication (MFA). Windows Azure MFA is cloud-based, but can also work with on-premises security solutions. Read my article on ISAserver.org to see how I configured Forefront TMG 2010 to work with Windows Azure MFA.
Follow these rules and don’t be a victim!
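To measure the kind of connection attempts described above on your own server, the following added example (not code from the original post) tallies failed logons per source address from Security-log events exported to CSV. The CSV layout, the function name `failed_rdp_sources`, the thresholds and the sample rows are assumptions constructed for illustration; the column names follow the fields of Windows event 4625.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: Security-log events exported to CSV (not real data).
# Columns mirror fields of Windows event 4625 ("An account failed to log on").
SAMPLE_EVENTS = """EventID,LogonType,IpAddress,TargetUserName
4625,3,203.0.113.7,administrator
4625,3,203.0.113.7,admin
4625,10,203.0.113.7,test
4625,3,203.0.113.7,user
4625,3,203.0.113.7,backup
4624,10,192.0.2.10,alice
4625,10,192.0.2.10,alice
4625,2,-,bob
4625,3,198.51.100.23,administrator
4625,3,198.51.100.23,administrator
"""

# Logon types a failed RDP attempt can produce: 10 (RemoteInteractive) and
# 3 (Network, used when Network Level Authentication is on). Type 3 also
# covers other network logons such as SMB, so treat hits as leads.
RDP_LOGON_TYPES = {"3", "10"}


def failed_rdp_sources(csv_text, min_attempts=5, min_usernames=3):
    """Return [(ip, attempts, distinct_usernames)] for likely guessing sources."""
    attempts = defaultdict(int)
    usernames = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4625" or row["LogonType"] not in RDP_LOGON_TYPES:
            continue
        ip = row["IpAddress"].strip()
        if ip in ("", "-"):  # local or unknown origin
            continue
        attempts[ip] += 1
        usernames[ip].add(row["TargetUserName"].lower())
    flagged = [
        (ip, count, len(usernames[ip]))
        for ip, count in attempts.items()
        if count >= min_attempts and len(usernames[ip]) >= min_usernames
    ]
    return sorted(flagged, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for ip, count, names in failed_rdp_sources(SAMPLE_EVENTS):
        print(f"{ip}: {count} failed logons across {names} usernames")
```

Many failures from one address spread across several account names is the pattern of automated guessing; a single user mistyping a password stays below both thresholds.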
Great news! I recently accepted a new writing assignment for TechGenix's latest web property, CloudComputingAdmin.com. Here I’ll be writing about cloud technologies, including public, private, and hybrid cloud solutions. You can expect that my focus will be primarily on Microsoft cloud solutions, including Windows Azure, Windows Server 2012/R2, Hyper-V, and System Center. In addition, because of my expertise and extensive experience in the fields of networking and security, you can expect many articles closely related to those topics as well.
My first article is Working with Windows Azure Virtual Networks. Read it today!