Remote Desktop Protocol: Securing Access
Chris Morales of Vectra Says Keep RDP Access on a Tight Leash
Microsoft's Remote Desktop Protocol, or RDP, is one of the most widely used utilities for connecting to remote machines. But it poses risks if organizations don't actively monitor how it's being used, says Chris Morales of the security firm Vectra.
Monitoring RDP use is particularly important if organizations have RDP connections with service providers, which increase the potential attack surface, he says in an interview with Information Security Media Group. In a recent example, 22 government agencies in Texas saw their IT systems infected with ransomware after their shared service provider was compromised (see: Texas Says 22 Local Government Agencies Hit by Ransomware).
"It becomes more of an issue of managing the supply chain and managing other vendors," Morales says.
RDP can be better managed by ensuring the use of complex passwords and limiting RDP's use to the correct systems. Also, monitoring who uses RDP, and how and where they use it, can serve as a baseline for detecting anomalous behavior, he says.
In this interview, Morales discusses:
- How third parties with RDP access can increase risks;
- Forensic signs that intruders may be abusing RDP;
- Best practices for securing RDP.
Morales is head of security analytics at Vectra, where he focuses on studying attacker patterns and behaviors. He previously was principal security architect for HyTrust and practice manager within the office of the CTO for NSS Labs.