Defending against Windows RDP attacks (Security News, May 2021)
Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports.
RDP needs to be well protected, and direct access should never be provided to an RDP server.
The problem with public RDP: by its nature, an RDP service must run with enough privileges to operate a machine as another user, including the administrator.
Access to RDP services should only be possible after authentication and authorization have already been performed.
Typically, this means RDP should be deployed behind a secure gateway that serves as the only means of accessing the RDP service.
All machines on the network that enable RDP should be locked down so that they can only be accessed via the gateway, ensuring that unauthorized access to one machine does not imply access to all others on the network.
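
One way to check the gateway-only lockdown described above is to audit each machine's inbound allow rules for port 3389. This is an added example, not code from the original article; the rule schema, host names and gateway address are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389
GATEWAY = ipaddress.ip_network("10.0.5.10/32")  # assumed gateway address (constructed)

# Constructed sample: inbound allow rules per host, in a simplified hypothetical schema.
RULES = [
    {"host": "ws-01", "proto": "TCP", "ports": "3389", "remote": "10.0.5.10"},
    {"host": "ws-02", "proto": "TCP", "ports": "3389", "remote": "Any"},
    {"host": "ws-03", "proto": "TCP", "ports": "3000-4000", "remote": "10.0.0.0/16"},
    {"host": "ws-04", "proto": "TCP", "ports": "443,3389", "remote": "10.0.5.10/32"},
    {"host": "ws-05", "proto": "UDP", "ports": "3389", "remote": "0.0.0.0/0"},
    {"host": "ws-06", "proto": "TCP", "ports": "445", "remote": "Any"},
]

def covers_rdp(ports):
    """True if a port spec such as '443,3389' or '3000-4000' includes 3389."""
    for part in ports.split(","):
        part = part.strip()
        if part.lower() == "any":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def only_gateway(remote, gateway=GATEWAY):
    """True if every address the rule admits lies inside the gateway network."""
    if remote.strip().lower() == "any":
        return False
    nets = [ipaddress.ip_network(r.strip(), strict=False) for r in remote.split(",")]
    return all(n.version == gateway.version and n.subnet_of(gateway) for n in nets)

def audit(rules, gateway=GATEWAY):
    """Return (host, remote) for each rule that exposes RDP beyond the gateway."""
    findings = []
    for r in rules:
        if r["proto"].upper() in ("TCP", "UDP") and covers_rdp(r["ports"]):
            if not only_gateway(r["remote"], gateway):
                findings.append((r["host"], r["remote"]))
    return findings

if __name__ == "__main__":
    for host, remote in audit(RULES):
        print(f"{host}: RDP reachable from {remote}, expected gateway only")
```

Port ranges and broad subnets are checked as well as explicit 3389 rules, since a rule such as 3000-4000 from a /16 exposes RDP just as an "Any" rule does.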
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/dS1iT7TQ2-c/