Remote Desktop Protocol (RDP)
What is Remote Desktop Protocol?
Remote Desktop Protocol (RDP) enables remote connection to a Windows server or computer. RDP displays the remote machine's desktop on the local device and forwards keyboard, mouse, and other relevant peripheral input to the remote machine. RDP is particularly useful for people who work from home and for system administrators. Home workers can still access the office server in this way, and system administrators can use it to manage Windows Servers remotely.
RDP: How does it work?
As mentioned above, home workers can connect their computer to a computer or the server at the office. Another possibility is setting up a "Remote Desktop Server." This is also known as the "Remote Desktop Session Host" or "Terminal Server" and is used so that multiple employees can connect simultaneously and therefore all work from home or elsewhere. To gain access, users need to be authenticated, and in many cases, two-factor authentication is used for extra security.
RDP: Connecting
There are four steps needed to use RDP:
- By default, devices ship with external connections disabled. The first step is to enable them: open 'external connections,' select 'allow external connections,' and then choose to allow connections only via Remote Desktop for extra security.
- Step 2 is to disable sleep mode for optimal use of Remote Desktop.
- Then the user must connect to the relevant server or computer on location. This can be done by finding the IP address and then searching for 'Remote Desktop' in the search bar. After entering the IP address, username, and password, click 'connect.'
- The last step is to choose 'still connect' when a security warning appears on the screen. The warning appears because a connection is being made to another computer, and it serves as verification. With all the steps completed, working from home on the server or computer at work should be possible.
What can users do with RDP?
There are multiple things that can be done with RDP that are important for different groups:
- Helpdesk administrators and technical support staff can use it to maintain, troubleshoot, repair, and install servers and desktop computers.
- Marketing and sales personnel can use it to demonstrate certain applications and/or processes remotely instead of only on-site.
- RDP can be used in conjunction with cloud computing. This way, Microsoft Entra ID customers can use RDP to access virtual machines in the Entra ID cloud.
- Lower quality devices can access more powerful external devices through RDP.
RDP: Risks
Accessing certain devices remotely also comes with some risks. It provides opportunities for people with bad intentions to intervene. Remote access makes it easier for hackers to gain access. Sensitive information is often stolen, corporate networks are infiltrated, or malicious software is installed through this method.
Cyber researchers indicate that hackers are scanning for these types of protocols. The number of systems accessible via RDP has increased, especially during the corona period, when a large share of people had to work from home and used RDP to reach servers that are normally accessed on-site. This has significantly shifted hackers' interest towards this protocol.
RDP: Preventing Risks
To reduce the risks mentioned in the previous paragraph, there are several measures that users can apply:
- The first step that can be taken is to ensure that the RDS is not directly accessible via the internet. Users are better off purchasing a VPN connection and reaching the on-site server through it.
- If there is no possibility to purchase a VPN, users can set up a Remote Desktop Gateway. This way, the connection to the server is made over HTTPS, so hackers cannot see users' RDP traffic.
- If neither a Gateway nor a VPN is possible, it is important that users only allow traffic from and to trusted IP addresses to keep the risk as low as possible.
- Further tips include keeping the servers and computers up to date with security updates, allowing RDP connections on a computer or server only through Network Level Authentication (NLA), using strong passwords, and utilizing two-factor authentication.
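
The measures above can be checked on a Windows host with a short read-only audit. The script below is an added example, not part of the original article; it assumes an English-language Windows install (for the "Remote Desktop" firewall group name) and uses constructed sample values for the trusted source list.

```powershell
# Added example: read-only audit of RDP exposure and NLA on the local host.
# Run in an elevated PowerShell session. Nothing is changed on the system.

# Assumption: trusted source addresses for this site (constructed sample values).
# List ranges in the same form Get-NetFirewallAddressFilter reports them.
$TrustedSources = @('203.0.113.10', '203.0.113.11')

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$findings = [System.Collections.Generic.List[string]]::new()

# fDenyTSConnections = 0 means Remote Desktop connections are enabled.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

# UserAuthentication = 1 means Network Level Authentication is required.
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
if ($rdpEnabled -and $nla -ne 1) {
    $findings.Add('RDP is enabled but NLA is not required')
}

# Enabled inbound allow rules in the built-in "Remote Desktop" firewall group.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

foreach ($rule in $rules) {
    # RemoteAddress is 'Any' unless the rule is scoped to specific sources.
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    foreach ($addr in $remote) {
        if ($addr -eq 'Any') {
            $findings.Add("Rule '$($rule.DisplayName)' accepts RDP from any address")
        } elseif ($addr -notin $TrustedSources) {
            $findings.Add("Rule '$($rule.DisplayName)' allows unlisted source $addr")
        }
    }
}

if (-not $rdpEnabled) {
    'Remote Desktop is disabled on this host.'
} elseif ($findings.Count -eq 0) {
    'RDP is enabled; NLA is required and firewall rules are scoped to trusted sources.'
} else {
    $findings
}
```

Settings enforced through Group Policy are stored separately and can override the local values read here, and a perimeter firewall or router may still expose or block the port regardless of the host firewall.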