RDS and TSE systems have long been favourite targets of hackers because they have access to valuable information and they are relatively easy to exploit. A successful attack can result in a variety of devastating consequences including financial loss, damage to brand reputation, and loss of customer trust. Most organisations do not recover from a major security breach, making it absolutely critical to protect your users and customers from threats that target applications and RDS server files systems.
Remote Connections Are Easy Targets For Cyber Attacks
Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). It would be fairly reasonable to assume that the majority of security risks would be undertaken by running a
RDS server
, and there were some quite infamous exploits of it in the past, for example vulnerability to pass-the-hash or MITM attacks on non-encrypted connections. We probably still all remember disabling
Remote Assistance
and removing associated port exceptions in firewalls as one of the first things we did upon installing Windows. But risks involved in using a
RDP client
don't seem so self-obvious. Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Adversaries will likely use Credential Access techniques to acquire credentials to use with RDP. They may also use RDP in conjunction with the Accessibility Features technique for Persistence. While you will not be able to find documentation on self-propagating exploits (i.e. viruses, trojans, or worms) taking advantage of
Remote Desktop Connections
through the use of the updated RDP protocol clients, there are still some risks involved with connecting to RDP servers:
-
-
User activity tracking and key logging
In essence, an RDP server could log all your activities on it, including websites you browse to, files you downloaded, documents you accessed and changed, passwords you entered to access remote services through the RDP server, basically keeping track of your complete user session.
-
-
Infection of client through remote hosted files
Any files you download from the server hosting an RDP session could be tampered with, or infected with malware. You could falsely rely on any of those files, thinking that since you downloaded them during your previous RDP session, they weren't tampered with or infected in the meantime, while you transferred them to your RDP client and opened/executed/...
-
-
Man-in-the-middle (MITM attack)
Similar to the user's activity tracking, only this time the attacker is active on the RDP server you connect to and is listening in on your RDP client to RDP server connection, RDP server to remote LAN / WAN connections, or possibly both. On top of being able to inspect contents of exchanged network packets, the man-in-the-middle is also able to change their contents. The RDP session can be encrypted using TLS, effectively preventing eavesdropping on it, but that isn't necessarily the case anywhere you connect to (remote LAN or WAN) using the RDP server.
-
-
Social engineering attacks
You could be a victim of a social engineering attack where the attacker gains your trust under false pretenses and cons you into entering an RDP server address that you believe can be trusted in your RDP client while establishing a new session, but the address you entered is actually of the attacker's choosing. The attacker could host an RDP server on that address for the sole purpose of recording your login credentials for another, real RDP server you intended to connect to.
Protect Your RDS Server From Any Malicious People
We have probably left out a lot of other possibilities to abuse users' trust on the RDP server they're establishing a session with, but the user assumes this trust anyway, failing to see the potential danger in doing so. These four example attack vectors should be hopefully enough to demonstrate that there is a clear need for using
RDS-Knight
to prevent brute force attacks and to protect your RDS servers.
RDS-Knight Security solution consists of a robust and integrated set of security features to protect against these Remote Desktop attacks.
We are the only company that delivers a complete solution with the proven performance and security effectiveness to meet the increasing demands of hosted RDS servers.