The Risk of Remote Access Using RDP and VPNs
Updated: Dec 24, 2021
With COVID-19 Coronavirus affecting individuals and businesses throughout Australia through social distancing, isolation and complete lockdowns, we are looking at remote solutions to access that all-important business data.
For businesses that keep data and essential business applications on their local servers, it can be difficult to securely access these without expensive additional IT infrastructure, licenses and hardware. Using Remote Desktop services may seem to be an easy solution to access your remote computers; however, there are underlying risks associated with doing this. Turquoise Coast Computers wants to bring your attention to the vulnerabilities and common threats this technology holds.
Unmanaged Endpoints
One of the primary security concerns is unmanaged endpoints (an endpoint being the computer you are accessing the business network from). By allowing users to connect to your business network from their personal home computers, your organisation is introducing unmanaged endpoints to your network. This opens up a Pandora's box of security concerns. For example, when a user is sat at their office computer it is very easy to verify that they are the person using that computer, whereas if they are remoting in from their personal home computer it can be hard to determine who is using the remote connection to your business network. Unauthorised users such as family members, or a hacker who has already compromised that computer, could all have access to your mission-critical data and applications. Most workplaces have computer use policies stating that computers should only be used for business purposes, and business-grade security software ensuring the security of the systems. Remote workers' personal home computers in some cases have no antivirus or security software and are likely being used for a wider range of entertainment purposes, leaving them more susceptible to viruses and to being compromised by hackers. These (potentially compromised) unmanaged endpoints present high levels of risk when connected to business networks.
Remote Desktop Services
Remote Desktop Services (RDS) is a component of Microsoft Windows that lets users remotely control a computer over a network connection through a graphical user interface. This access is referred to as Remote Desktop Protocol (RDP).
We often use similar technology to ‘remote’ into your desktops and laptops when offering remote support, but when we do it is done in a safe manner. We can only do it when you are at your device and you have to give us permission for the session. If not set up properly with the right permissions, security flaws and misconfigurations can render RDS vulnerable to the following attacks:
Exposure through the internet
A Windows server can allow Administrator-level users to log in to the host via the service, but when it is exposed to the internet it also enables hackers to attempt connections. Internet-based attackers can carry out aggressive attacks against the service, often targeting the ‘Administrator’ account, which may not be configured with an account lockout. After multiple attempts the password can be figured out, resulting in a large security breach for your organisation. It can also facilitate further attacks against trusted or connected infrastructure.
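Repeated failed logons of the kind described above are recorded in the Windows Security log as Event ID 4625. The following is an added example, not part of the original article: it flags source addresses that produce a burst of failed remote logons. The CSV column names, the threshold and the time window are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: logon events as they might look after export to CSV.
# Column names are assumptions for this example, not a Windows export format.
SAMPLE_CSV = """time,event_id,logon_type,target_user,source_ip
2021-12-20T02:14:01,4625,3,Administrator,203.0.113.50
2021-12-20T02:14:09,4625,3,Administrator,203.0.113.50
2021-12-20T02:14:17,4625,3,Administrator,203.0.113.50
2021-12-20T02:14:26,4625,3,admin,203.0.113.50
2021-12-20T02:14:34,4625,3,Administrator,203.0.113.50
2021-12-20T08:55:10,4625,10,jsmith,198.51.100.7
2021-12-20T08:55:41,4625,10,jsmith,198.51.100.7
2021-12-20T08:56:02,4624,10,jsmith,198.51.100.7
2021-12-20T09:00:00,4625,3,Administrator,192.0.2.9
2021-12-20T09:10:00,4625,3,Administrator,192.0.2.9
2021-12-20T09:20:00,4625,3,Administrator,192.0.2.9
2021-12-20T09:30:00,4625,3,Administrator,192.0.2.9
2021-12-20T09:40:00,4625,3,Administrator,192.0.2.9
"""

RDP_LOGON_TYPES = {"3", "10"}  # 3 = Network (seen with NLA), 10 = RemoteInteractive


def find_bruteforce_sources(csv_text, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: user names tried} for each source with at least
    `threshold` failed logons (4625) inside any sliding `window`."""
    failures = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] != "4625" or row["logon_type"] not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(row["time"])
        failures[row["source_ip"]].append((when, row["target_user"]))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in events})
                break
    return flagged
```

A short window catches fast bursts only; the slow source in the sample (one attempt every ten minutes) is caught only when the window is widened, which is why an account lockout policy is still needed alongside detection.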
The Remote Desktop service (by default) uses a medium-level encryption setting called “Client Compatible”. This level encrypts data sent between the client and the server at the maximum key strength supported by the client. The “Client Compatible” setting is used in environments containing mixed or earlier-version clients to ensure the older clients can still connect. The medium setting may facilitate the use of weaker encryption, which could be decrypted in a reasonable timeframe and lead to the disclosure of sensitive information.
Network Level Authentication – Denial of Service
It is a risk if your business’s Terminal Servers support Network Level Authentication (NLA) but have not configured it appropriately. NLA requires the client computer to supply user credentials for authentication before the server will create a session for that user. If malicious users make repeated connection attempts, legitimate users may be blocked from logging in.
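The encryption level and NLA settings discussed above are stored as DWORD values under the RDP listener registry key. The following is an added example, not part of the original article: it audits a `reg export` of that key for those settings. The sample export is constructed, and the inclusion of the related `SecurityLayer` value goes beyond what the article covers; Group Policy can override these values, and this example reads only the exported key.

```python
import re

# Constructed sample in the text format written by `reg export` for the RDP
# listener key (real exports are UTF-16 files; decode them before parsing).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"MinEncryptionLevel"=dword:00000002
"SecurityLayer"=dword:00000001
"UserAuthentication"=dword:00000000
'''

ENCRYPTION_LEVELS = {1: "Low", 2: "Client Compatible", 3: "High", 4: "FIPS Compliant"}
DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_dwords(reg_text):
    """Collect the DWORD values of an exported key as {name: int}."""
    values = {}
    for line in reg_text.splitlines():
        match = DWORD_LINE.match(line.strip())
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit_rdp_listener(reg_text):
    """Return a list of findings; an empty list means no issue was found."""
    values = parse_dwords(reg_text)
    findings = []
    level = values.get("MinEncryptionLevel")
    if level is None:
        findings.append("MinEncryptionLevel is not present in the export")
    elif level < 3:
        name = ENCRYPTION_LEVELS.get(level, "unknown")
        findings.append(f"Encryption level is {name} ({level}); use High (3) or FIPS (4)")
    # UserAuthentication = 1 means the server requires NLA before creating a session.
    if values.get("UserAuthentication") != 1:
        findings.append("NLA is not required (UserAuthentication is not 1)")
    # SecurityLayer: 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS).
    if values.get("SecurityLayer") != 2:
        findings.append("TLS is not enforced (SecurityLayer is not 2)")
    return findings
```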
Why Virtual Private Networks (VPNs) Are Also a Risk
VPNs can increase RDS security by making it harder to intercept your connection. The problem is that setting up a VPN comes with similar risks to the RDP service it is trying to protect, leaving you with greater security risks and exposure to viruses (the virtual kind). As with RDS, mitigating these risks can be time-consuming and costly.
Solution for Remote Access
At Turquoise Coast Computers, we have engineered a wide range of innovative and cost-effective solutions that mitigate the risks presented in this article without expensive hardware, software or licenses. Through the correct configuration, Two-Factor Authentication (2FA) that can easily be set up to come through on the user’s mobile device, and tunnelling technology, you can easily gain secure access to remote computers and servers at a fraction of the cost.
If you would like more information regarding this, please contact us to discuss your requirements and we would be happy to assist you: