
I have just started work for a small (100-150 employees) company. I noticed that anybody can remote in to the remote server using the correct domain, which is quite easy to guess based on the company name and the name of the server.

Seeing as RDP is not behind a firewall or VPN and is therefore accessible to anybody who a) knows the address and b) knows a user account, is it a big security risk?

I believe RDP has some in-built protection against brute force attacks; is there any other way somebody could gain unauthorized access?

Should I push to have RDP only accessible via VPN?

Thank you.

Adam T

2 Answers


Edited answer as my initial understanding was both the password and domain were easily guessable.

An RDP port exposed to the public internet is unnecessarily risky, and you should take whatever steps you can to put it behind the VPN you suggested. While the password isn't easily guessable, taking it off the public internet removes an attacker's opportunity to attempt to guess the password at all.

RDP doesn't have a great history with security vulnerabilities - if you're running an old version it is likely to be exploited, and there is no guarantee the current version isn't vulnerable to some currently unknown exploit.

Exposing an adequately-secured RDP port on the open internet isn't a guaranteed entry point for attackers into your network, but it is a high and unnecessary risk. Off the top of my head I can't imagine a use case where a user doesn't have VPN access but does have RDP access to a server on that network - unless you have a very good reason for it, the RDP port should be behind the VPN.

Buffalo5ix
  • In theory, yes, the domain to remote in is rather guessable based on the name of the company. In terms of credentials we do use a fairly strong password requirement policy, so it wouldn't be very straightforward to guess them. – Adam T Apr 16 '18 at 20:49
  • However I personally do want to put it behind a VPN. I will look some more into it. Thank you. – Adam T Apr 16 '18 at 20:50
  • If it's behind a VPN, then the attacker has to guess your VPN credentials, then guess your RDP credentials, right? I would expect Microsoft RDP to be significantly more hardened than most VPN software. – lmat - Reinstate Monica Aug 22 '20 at 01:42

Your question basically is "which system should I put my trust in to be secure: Windows RDP, or [vpn appliance x]?" It's hard to argue the answer is Windows RDP, considering it is a fairly complex utility without internet-facing security at the forefront (see for example this bulletin: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-067). Outside of those kinds of bugs, to your question about brute force protection: there actually isn't any inherently; it relies on the failed authorization lockout protection you might be employing on your domain (which hopefully you have).

Finally, for these (and other reasons) Microsoft specifically developed the RDP Gateway set of tools that provides an extra layer considered "more safe" if you want a protection mechanism besides a fully wrapped VPN.

Jeff Meden
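The second answer's point that RDP has no brute-force protection of its own and relies on the domain's account lockout policy suggests a defender-side check on the logs. The script below is an added example, not part of either answer: it walks Windows Security log failed-logon events (Event ID 4625) and flags, per source IP, repeated failures within a lockout-style window and failures spread across many accounts. The event records are constructed sample data, and the threshold and window values are assumptions chosen to mirror a typical lockout policy.

```python
"""Flag brute-force and password-spray patterns against RDP in Windows
Security log failed-logon events (Event ID 4625). Added example with
constructed sample data; not from the original thread."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, logon_type, account, source_ip).
# Logon type 10 = RemoteInteractive (classic RDP). With Network Level
# Authentication the pre-auth failure is commonly logged as type 3 (Network),
# so both types are inspected.
SAMPLE_EVENTS = [
    ("2018-04-16 20:40:01", 4625, 10, "jsmith", "198.51.100.23"),
    ("2018-04-16 20:40:03", 4625, 10, "jsmith", "198.51.100.23"),
    ("2018-04-16 20:40:04", 4625, 10, "jsmith", "198.51.100.23"),
    ("2018-04-16 20:40:06", 4625, 10, "jsmith", "198.51.100.23"),
    ("2018-04-16 20:40:07", 4625, 10, "jsmith", "198.51.100.23"),
    ("2018-04-16 20:41:00", 4625, 3, "administrator", "203.0.113.9"),
    ("2018-04-16 20:41:10", 4625, 3, "adam.t", "203.0.113.9"),
    ("2018-04-16 20:41:20", 4625, 3, "helpdesk", "203.0.113.9"),
    ("2018-04-16 20:50:00", 4625, 10, "mjones", "192.0.2.44"),  # a single typo
    ("2018-04-16 20:50:30", 4624, 10, "mjones", "192.0.2.44"),  # then success
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def detect_rdp_attacks(events, threshold=5, window=timedelta(minutes=30), spray_accounts=3):
    """Return sorted (source_ip, kind, count) findings.
    'bruteforce': >= threshold failures from one IP inside `window` (the same
    shape as an AD lockout policy, which is what RDP actually relies on).
    'spray': failures against >= spray_accounts distinct accounts from one IP,
    which a per-account lockout threshold does not catch on its own."""
    failures = defaultdict(list)
    for ts, event_id, logon_type, account, ip in events:
        if event_id == 4625 and logon_type in (3, 10):
            failures[ip].append((parse(ts), account))
    findings = []
    for ip, attempts in failures.items():
        attempts.sort()
        start, hit = 0, False
        for end in range(len(attempts)):           # sliding time window
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hit = True
        if hit:
            findings.append((ip, "bruteforce", len(attempts)))
        accounts = {account for _, account in attempts}
        if len(accounts) >= spray_accounts:
            findings.append((ip, "spray", len(accounts)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect_rdp_attacks(SAMPLE_EVENTS):
        print(finding)
```

Run against a real export, the same logic also tells you whether the lockout threshold you configured is actually being reached before an attacker's attempts stop.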