RDS and TSE systems have long been favorite targets of hackers because they have access to valuable information and are relatively easy to exploit. A successful attack can have a variety of devastating consequences, including financial loss, damage to brand reputation, and loss of customer trust. Most organizations do not recover from a major security breach, making it absolutely critical to protect your users and customers from threats that target applications and RDS server file systems.

Remote Connections Are Easy Targets For Cyber Attacks

Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). It would be fairly reasonable to assume that most of the security risk lies in running an RDS server, and there were some quite infamous exploits of it in the past, for example vulnerability to pass-the-hash or MITM attacks on non-encrypted connections. We probably all still remember disabling Remote Assistance and removing the associated port exceptions in firewalls as one of the first things we did upon installing Windows. But the risks involved in using an RDP client don't seem so obvious.

Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Adversaries will likely use Credential Access techniques to acquire credentials to use with RDP. They may also use RDP in conjunction with the Accessibility Features technique for Persistence.

While you will not be able to find documentation on self-propagating exploits (i.e. viruses, trojans, or worms) taking advantage of Remote Desktop Connections through the use of the updated RDP protocol clients, there are still some risks involved with connecting to RDP servers:

  • User activity tracking and key logging: In essence, an RDP server could log all your activities on it, including websites you browse to, files you downloaded, documents you accessed and changed, and passwords you entered to access remote services through the RDP server. Basically, it can keep track of your complete user session.
  • Infection of client through remote hosted files: Any files you download from the server hosting an RDP session could be tampered with or infected with malware. You could falsely rely on any of those files, thinking that since you downloaded them during your previous RDP session, they weren't tampered with or infected in the meantime, while you transferred them to your RDP client and opened/executed/...
  • Man-in-the-middle (MITM) attack: Similar to user activity tracking, only this time the attacker is active on the RDP server you connect to and is listening in on your RDP client to RDP server connection, the RDP server to remote LAN / WAN connections, or possibly both. On top of being able to inspect the contents of exchanged network packets, the man-in-the-middle is also able to change their contents. The RDP session can be encrypted using TLS, effectively preventing eavesdropping on it, but that isn't necessarily the case for anywhere you connect to (remote LAN or WAN) using the RDP server.
  • Social engineering attacks: You could be a victim of a social engineering attack where the attacker gains your trust under false pretenses and cons you into entering, while establishing a new session in your RDP client, an RDP server address that you believe can be trusted but that is actually of the attacker's choosing. The attacker could host an RDP server on that address for the sole purpose of recording your login credentials for another, real RDP server you intended to connect to.
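The client-side risks listed above can be partly checked before a session starts. The following added example (not part of the original article or of any product it mentions) audits a `.rdp` connection file for an untrusted target host, unenforced server authentication, and redirection settings that expose local data to the server. The sample file and the `TRUSTED_HOSTS` allowlist are constructed assumptions.

```python
# Added example: audit a .rdp connection file before opening it.
SAMPLE_RDP = """\
full address:s:rdp-gw.example.net:3389
authentication level:i:0
enablecredsspsupport:i:0
drivestoredirect:s:*
redirectclipboard:i:1
"""  # constructed sample file

TRUSTED_HOSTS = {"rds01.corp.example"}  # assumption: your own allowlist


def parse_rdp(text):
    """Parse 'name:type:value' lines; integer settings become int."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue  # not a setting line
        name, kind, value = parts
        if kind == "i" and value.strip().lstrip("-").isdigit():
            value = int(value)
        settings[name.strip().lower()] = value
    return settings


def host_of(address):
    """Drop an optional ':port' suffix from a hostname or IPv4 address."""
    address = address.strip().lower()
    return address.rsplit(":", 1)[0] if address.count(":") == 1 else address


def audit(text, trusted=TRUSTED_HOSTS):
    """Return a list of findings; an empty list means nothing was flagged."""
    s = parse_rdp(text)
    findings = []
    host = host_of(str(s.get("full address", "")))
    if host not in trusted:
        findings.append("untrusted-host:" + (host or "<missing>"))
    if s.get("authentication level") == 0:  # 0 = connect even if server auth fails
        findings.append("server-auth-not-enforced")
    if s.get("enablecredsspsupport") == 0:  # CredSSP (needed for NLA) disabled
        findings.append("credssp-disabled")
    if s.get("drivestoredirect"):  # any value exposes local drives to the server
        findings.append("local-drives-redirected")
    if s.get("redirectclipboard") == 1:  # clipboard contents visible to the server
        findings.append("clipboard-redirected")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RDP):
        print(finding)
```
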

Protect Your RDS Server From Any Malicious People

We have probably left out a lot of other ways to abuse the trust users place in the RDP server they're establishing a session with. Users assume this trust anyway, failing to see the potential danger in doing so. These four example attack vectors should be enough to demonstrate that there is a clear need for using RDS-Knight to prevent brute force attacks and to protect your RDS servers. The RDS-Knight security solution consists of a robust and integrated set of security features to protect against these Remote Desktop attacks. We are the only company that delivers a complete solution with the proven performance and security effectiveness to meet the increasing demands of hosted RDS servers.
