Security News > 2021 > May > Defending against Windows RDP attacks
Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports.
RDP needs to be well protected, and direct access should never be provided to an RDP server.
The problem with public RDP: by its nature, an RDP service must run with enough privileges to operate a machine as another user, including the administrator.
Access to RDP services should only be possible after authentication and authorization have already been performed.
Typically, this means RDP should be deployed behind a secure gateway that serves as the only means of accessing the RDP service.
All machines on the network that enable RDP should be locked down so that they can only be accessed via the gateway, ensuring that unauthorized access to one machine does not imply access to all others on the network.
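
One way to check and apply the gateway-only lockdown on a single Windows host, as an added example that is not from the original article. It uses the built-in NetSecurity firewall cmdlets; the gateway address 192.0.2.10 is a placeholder from the documentation range, and the `-Enforce` switch is a name chosen for this sketch.

```powershell
# Audit inbound RDP firewall rules and optionally restrict them to the gateway.
# Assumption: 192.0.2.10 is a placeholder for the RDP gateway's internal address.
param(
    [string[]]$GatewayAddress = @('192.0.2.10'),
    [switch]$Enforce   # without this switch the script only reports
)

# Enabled inbound allow rules that name local port 3389 explicitly.
# Rules that cover 3389 through a port range or 'Any' are not matched here
# and need a separate review.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' }

foreach ($rule in $rdpRules) {
    # RemoteAddress is 'Any' or a list of addresses, subnets and keywords.
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $notGateway = @($remote | Where-Object { $_ -notin $GatewayAddress })

    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ', '
        GatewayOnly   = ($notGateway.Count -eq 0)
    }

    if ($Enforce -and $notGateway.Count -gt 0) {
        # Replace the remote scope so only the gateway can reach this rule.
        # Rules delivered by Group Policy must be changed in the GPO instead.
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $GatewayAddress
    }
}

if (-not $rdpRules) {
    Write-Output 'No enabled inbound allow rule names port 3389 explicitly.'
}
```

Run it without `-Enforce` first and review any rule reported with `GatewayOnly` set to `False` before changing scope, since tightening the rule over an existing direct RDP session will disconnect it.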
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/dS1iT7TQ2-c/