As work from home is the new norm in the COVID-19 era, you’re probably looking to enable remote desktop connections for your off-site staff. Here’s how to do it securely.
Undoubtedly, having remote access to your workstations’ or servers can enable better management, right? However, with the current upsurge of hackers, such can be a pipeline dream. A small security breach, such as the access of your administrator’s login to your domain controller, can lead to massive losses of resources.
For instance, the loss of your company’s intellectual property, the encryption of your files for ransom purposes, or loss of huge amounts of money through dubious corporate emails send to your accounting department and books.
In this post, we look at the different ways you can restrict your RDP to defend it against (all remote access software such as PC Anywhere, VNC and Teamviewer, among others, as well as Microsoft’s RDP) attacks. Here we go!
Limit access to your resources
By allowing access only from internal addresses coming from your company’s VPN server helps in preventing the exposure of your RDP connection ports to the public internet. By doing so, you will reduce the chances of your RDP being attacked.
Nevertheless, if exposing your ports is the only way out, you can serve your RDP on a non-standard port number to protect it against simplistic worms that can attack your network through its ports.
On the flip side, this method can’t protect your RDP from sophisticated attackers as a majority of network scanners check all ports for RDP activity.
Consequently, you will be forced to stay on constant alert regarding any login activities or network access in your RDP server logs, since an attacker can strike at any time.
Utilize Multi-Factor Authentication (MFA)
Another way to secure your RDP is to ensure that your remote workers are utilizing another authentication layer (MFA), as we have discussed in this post.
Whitelist allowed IP addresses
To create a list of allowable addresses that will have access to your workstations, you can instruct your employees to look up for their IP addresses and surrender them to your IT personnel. With this list, you can have control over your resources, for instance, who can access them or not.
Alternatively, you can build a whitelist of allowable IP’s by enabling their subnet, since dynamic home IP addresses would typically fall within a subnet after a router reboot or other network maintenance on the client end.
Off late, there is an increasing trend regarding RDP attacks; therefore, it is essential to ensure that yours is patched to the current security level to avoid issues.
You can find more information about securing your RDP in this post. In case you have more inquiries regarding RDP software or any other thing to do with it, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.
Protect yourself from threats to your security online with an extended trial of our award-winning software.
Try our extended 90-day trial for free.