Security News > 2021 > May > Defending against Windows RDP attacks

Defending against Windows RDP attacks
2021-05-10 04:00

Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports.

RDP needs to be well protected, and direct access should never be provided to an RDP server.

The problem with public RDP. By its own nature, an RDP service must run with enough privileges to operate a machine as another user, including the administrator.

Access to RDP services should only be possible after authentication and authorization has already been performed.

Typically, this means RDP should be deployed behind a secure gateway that serves as the only means of accessing the RDP service.

All machines on the network that enable RDP should be locked down so that they can only be accessed via the gateway, ensuring that unauthorized access to one machine does not imply access to all others on the network.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/dS1iT7TQ2-c/