Introduction

In today’s virtual world, the need to connect to and access other devices has become of paramount importance, especially with the boom and longevity of the remote workforce.  There is one tool that has been used for this purpose for quite some time.  It is available from Microsoft, and it is known as the Remote Desktop Protocol, or RDP for short.

But as useful as it has been, it has recently become a prime target in the crosshairs of the cyberattacker.  There are security issues with it, and we will address them in this article.  We will also offer an alternative to RDP.

An Overview Into The RDP

Essentially, RDP is a network communications protocol developed exclusively by Microsoft.  It is part of the T.120 set of protocols, which stem from standards issued by the International Telecommunication Union, also known as the ITU.  As its name implies, RDP was designed to provide a graphical user interface through which the end-user can connect to another computer or server, which could be on the other side of the world, within just a couple of minutes.

When the connection has been established, the end-user will experience the same kind of computing environment as they would if they were directly logged into the remote device.

To start using RDP, you must have the client application installed on your computer.  It is freely available in all versions of the Windows 10 OS.  This application is also referred to as Remote Desktop Connection, or technically as the “Terminal Services Client.”  RDP is also available via the MS-DOS command line, where it is known as “rdesktop.”

To establish the two-way flow of network communications, the following protocols are used:

  • TPKT: network administrators refer to this as the “ISO Transport Service on top of TCP”;
  • X.224: this carries the actual connection request, which is the first thing sent when the end-user attempts to log in to the remote computer from their own device;
  • T.125 MCS: this stands for the “Multipoint Communication Service” protocol, and it is what enables the remote computer to connect back to the end-user’s device, thus creating the flow of network communications between the two.

Once the RDP connection has been firmly established, the end-user can also gain access to the other resources that are available on the remote computer, such as files of all types and kinds, and even a printer.
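The handshake described above can be inspected on the wire. The following Python parser is an added example, not code from the original article or from Microsoft: it validates the TPKT header and the X.224 Connection Request that open every RDP session, pulls out the mstshash routing cookie and the RDP Negotiation Request (RDP_NEG_REQ) security-protocol bitmask, and reports whether the client is willing to negotiate Network Level Authentication (NLA) or can only proceed with legacy Standard RDP Security. The field layout follows the public MS-RDPBCGR specification; the two packets are constructed sample data rather than captures, and the function and constant names are the example's own.

```python
import struct
from typing import Optional

# Security protocols a client may request in the RDP Negotiation Request
# (RDP_NEG_REQ) that rides inside the X.224 Connection Request.
PROTOCOL_RDP = 0x00000000        # legacy Standard RDP Security: no TLS, no NLA
PROTOCOL_SSL = 0x00000001        # TLS
PROTOCOL_HYBRID = 0x00000002     # CredSSP, i.e. Network Level Authentication
PROTOCOL_HYBRID_EX = 0x00000008  # CredSSP with early user authorization result

TPKT_VERSION = 3
X224_CONNECTION_REQUEST = 0xE0
TYPE_RDP_NEG_REQ = 0x01
COOKIE_PREFIX = b"Cookie: mstshash="


def parse_tpkt(packet: bytes) -> bytes:
    """Validate the 4-byte TPKT header and return the X.224 TPDU it carries."""
    if len(packet) < 4:
        raise ValueError("too short for a TPKT header")
    version, _reserved, length = struct.unpack(">BBH", packet[:4])
    if version != TPKT_VERSION:
        raise ValueError(f"unexpected TPKT version {version}")
    if length != len(packet):
        raise ValueError(f"TPKT length {length} != {len(packet)} bytes received")
    return packet[4:]


def parse_x224_connection_request(tpdu: bytes) -> dict:
    """Parse an X.224 Connection Request and the optional RDP fields after it."""
    if len(tpdu) < 7:
        raise ValueError("too short for an X.224 Connection Request")
    li = tpdu[0]  # length indicator: number of bytes that follow it
    if li != len(tpdu) - 1:
        raise ValueError(f"X.224 length indicator {li} != {len(tpdu) - 1}")
    if tpdu[1] != X224_CONNECTION_REQUEST:
        raise ValueError(f"TPDU code 0x{tpdu[1]:02X} is not a Connection Request")
    variable = tpdu[7:]  # skip DST-REF (2), SRC-REF (2) and class option (1)

    cookie: Optional[str] = None
    if variable.startswith(COOKIE_PREFIX):
        end = variable.find(b"\r\n")
        if end == -1:
            raise ValueError("routing cookie is not terminated by CR LF")
        cookie = variable[len(COOKIE_PREFIX):end].decode("ascii", "replace")
        variable = variable[end + 2:]

    requested: Optional[int] = None
    if len(variable) >= 8 and variable[0] == TYPE_RDP_NEG_REQ:
        _type, _flags, neg_len, requested = struct.unpack("<BBHI", variable[:8])
        if neg_len != 8:
            raise ValueError(f"RDP_NEG_REQ length {neg_len} != 8")

    nla = requested is not None and bool(requested & (PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX))
    return {
        "cookie": cookie,
        "requested_protocols": requested,
        "nla_capable": nla,
        # No RDP_NEG_REQ at all, or a request for PROTOCOL_RDP only, means the
        # session can only proceed with legacy Standard RDP Security.
        "legacy_only": requested is None or requested == PROTOCOL_RDP,
    }


def triage_connection_request(packet: bytes) -> dict:
    """Convenience wrapper: raw TCP payload in, parsed verdict out."""
    return parse_x224_connection_request(parse_tpkt(packet))


# Constructed sample packets (not captures from a real session).
# A modern client: routing cookie for user "alice" and a negotiation request
# asking for TLS and CredSSP (0x00000003 = PROTOCOL_SSL | PROTOCOL_HYBRID).
SAMPLE_MODERN = (
    b"\x03\x00\x00\x2b"                  # TPKT: version 3, total length 43
    b"\x26\xe0\x00\x00\x00\x00\x00"      # X.224 CR: LI=38, code 0xE0, refs, class 0
    b"Cookie: mstshash=alice\r\n"
    b"\x01\x00\x08\x00\x03\x00\x00\x00"  # RDP_NEG_REQ: type 1, flags 0, len 8, protocols 3
)
# A legacy client: cookie only, no negotiation request at all.
SAMPLE_LEGACY = (
    b"\x03\x00\x00\x24"                  # TPKT: total length 36
    b"\x1f\xe0\x00\x00\x00\x00\x00"      # X.224 CR: LI=31
    b"Cookie: mstshash=legacy\r\n"
)

if __name__ == "__main__":
    for name, pkt in (("modern", SAMPLE_MODERN), ("legacy", SAMPLE_LEGACY)):
        print(name, triage_connection_request(pkt))
```

On a server configured to require NLA, a request like SAMPLE_LEGACY is refused before any credentials are exchanged, which is the setting that addresses the single-password weakness discussed under Credential Harvesting below; reviewing the requested_protocols field across the connection requests in a capture tells you which clients still depend on the legacy fallback.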

The Security Pitfalls Of Using The RDP

Despite the ease of use and great levels of convenience that the RDP offers, it suffers from several key security vulnerabilities, which are as follows:

  • Memory Buffer Overflows:

This happens when a malware payload has actually been installed onto the remote computer.  Once the RDP connection has been established, the cyberattacker can use memory buffer overflows to launch remote code execution (RCE) attacks on the device connected at the other end.  Although these flaws have supposedly been patched, there are still backdoors through which the cyberattacker can penetrate with relative ease.

  • The BlueKeep Code Bug:

In this situation, the cyberattacker can spread malware from other remote computers to the end device (and vice versa) if more than one session has been initiated.  This requires no user intervention whatsoever, and the vulnerability became known as CVE-2019-0708, or “BlueKeep.”  Malicious, arbitrary code could also be easily installed onto the device that initiated the RDP session, bypassing all authentication mechanisms.

  • The Clipboard Vulnerability:

This makes use of the Clipboard functionality on both the remote and host computers, and typically relies on the “Click and Paste” property.  For example, any malware on the remote device can deliver and automatically save arbitrary files onto the host device in covert locations that the end-user cannot easily see.  These files are typically launched and executed upon startup and give the cyberattacker complete control of the host device.

  • Man In The Middle Attacks:

RDP is very prone to this kind of attack because it acts as the bridge or conduit from the host to the remote computer, and vice versa.  In this particular instance, the cyberattacker exploits weaknesses found in both the Address Resolution Protocol (ARP) and the Domain Name System (DNS).  From there, both the host and remote devices can act as “zombies” and send ransomware to other computers quickly and without much effort.

  • Credential Harvesting:

This refers to the fact that a cyberattacker can amass a gargantuan number of login credentials by exploiting weaknesses inherent in RDP.  Keep in mind that while it does have a particular layer of encryption (128 bits), it does not offer much in the way of authentication, because only a single password is required to launch and keep an RDP session running for as long as it is needed.  If the cyberattacker is able to penetrate either the host or the remote device, then it is quite possible that they can break into other computers on which RDP sessions have been activated.  From there, they can quite easily collect all sorts of usernames and passwords and sell them on the Dark Web for as little as $6.00 per hijacked record.

  • Distributed Denial of Service (DDoS) attacks:

In this kind of scenario, the cyberattacker scans an entire range of IP addresses and their open, available network ports in order to guess the password that was used to launch just a single session.  Once this has been accomplished, the cyberattacker can then execute a DDoS attack, which can slow down and even shut down other RDP sessions in a cascading effect.
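The password guessing at the start of this scenario leaves a trail in the Windows Security log: each failed attempt is event 4625 with logon type 10 (RemoteInteractive, which is the type used for RDP), and a later success is event 4624 with the same logon type. The following Python detector is an added example, not code from the original article: it runs over constructed sample records in the form "timestamp, event ID, logon type, account, source IP", counts RDP logon failures per source address inside a sliding time window, distinguishes repeated attempts against one account from one attempt each across many accounts (password spraying), and notes whether a successful RDP logon from the same address followed the burst. The record format, the threshold and window defaults, and the function names are this example's own assumptions; a real export from Event Viewer or a SIEM needs its own field parsing.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

EVENT_LOGON_FAILED = 4625   # Windows Security: "An account failed to log on"
EVENT_LOGON_SUCCESS = 4624  # Windows Security: "An account was successfully logged on"
LOGON_TYPE_RDP = 10         # RemoteInteractive (Terminal Services / RDP)

# Constructed sample records, not exported from a real host.  Format:
# "<UTC timestamp> <event id> <logon type> <account> <source ip>".
SAMPLE_EVENTS = [
    # 203.0.113.5: six failures against one account in 40 s, then a success
    "2024-05-01T10:00:01Z 4625 10 administrator 203.0.113.5",
    "2024-05-01T10:00:09Z 4625 10 administrator 203.0.113.5",
    "2024-05-01T10:00:17Z 4625 10 administrator 203.0.113.5",
    "2024-05-01T10:00:25Z 4625 10 administrator 203.0.113.5",
    "2024-05-01T10:00:33Z 4625 10 administrator 203.0.113.5",
    "2024-05-01T10:00:41Z 4625 10 administrator 203.0.113.5",
    "2024-05-01T10:00:49Z 4624 10 administrator 203.0.113.5",
    # same address, but a network (type 3) logon failure: not RDP, ignored
    "2024-05-01T10:05:00Z 4625 3 alice 203.0.113.5",
    # 192.0.2.9: one failure each against five accounts in 20 s
    "2024-05-01T10:01:00Z 4625 10 alice 192.0.2.9",
    "2024-05-01T10:01:05Z 4625 10 bob 192.0.2.9",
    "2024-05-01T10:01:10Z 4625 10 carol 192.0.2.9",
    "2024-05-01T10:01:15Z 4625 10 dave 192.0.2.9",
    "2024-05-01T10:01:20Z 4625 10 erin 192.0.2.9",
    # 198.51.100.7: three failures ten minutes apart, ordinary user error
    "2024-05-01T10:10:00Z 4625 10 frank 198.51.100.7",
    "2024-05-01T10:20:00Z 4625 10 frank 198.51.100.7",
    "2024-05-01T10:30:00Z 4625 10 frank 198.51.100.7",
]


def parse_event(line: str) -> dict:
    """Split one sample record into typed fields."""
    ts, event_id, logon_type, account, ip = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": int(event_id),
        "logon_type": int(logon_type),
        "account": account,
        "ip": ip,
    }


def detect_rdp_password_guessing(
    lines: List[str],
    threshold: int = 5,
    window: timedelta = timedelta(minutes=5),
) -> Dict[str, dict]:
    """Return one alert per source IP that produced at least `threshold`
    RDP logon failures inside some interval no longer than `window`."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["logon_type"] != LOGON_TYPE_RDP:
            continue  # SMB, service or interactive logons are out of scope here
        if ev["event_id"] == EVENT_LOGON_FAILED:
            failures[ev["ip"]].append(ev)
        elif ev["event_id"] == EVENT_LOGON_SUCCESS:
            successes[ev["ip"]].append(ev["time"])

    alerts: Dict[str, dict] = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["time"])
        best_count, best_start, best_end = 0, 0, 0
        start = 0
        # Sliding window: move `start` forward until the span fits, remember the densest burst.
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            if end - start + 1 > best_count:
                best_count, best_start, best_end = end - start + 1, start, end
        if best_count < threshold:
            continue
        burst = evs[best_start:best_end + 1]
        accounts = {e["account"] for e in burst}
        last_failure = burst[-1]["time"]
        alerts[ip] = {
            "failures": best_count,
            "accounts": sorted(accounts),
            # one account hammered repeatedly vs. one try per account
            "pattern": "brute-force" if len(accounts) == 1 else "spray",
            "first": burst[0]["time"].isoformat(),
            "last": last_failure.isoformat(),
            # a success right after the burst is the case to escalate first
            "followed_by_success": any(t >= last_failure for t in successes[ip]),
        }
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_password_guessing(SAMPLE_EVENTS).items():
        print(ip, alert)
```

The "followed_by_success" flag is what separates noise from an incident: a burst of failures that ends in a type-10 success from the same address means the guessed password worked, and that account's sessions are the ones to review first. Account lockout thresholds and NLA reduce how much of this activity reaches the event log at all.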


Conclusions – The Alternative

Based on what has been presented in this article, the risks of using RDP far outweigh the benefits.  So what can be done about this?  You can use Google to search for ways to further secure your use of RDP, or you can implement this alternative: simply deploy your IT infrastructure into Microsoft Azure, where you can create all of the Virtual Machines (VMs) that your business will ever need.

Once this has been done, you can log into and access them directly from just about any web browser, thus bypassing the need for RDP altogether.  If you need help with this or have other related questions, contact us today!
