Did you know that sharing your RDP credentials with a third party is like giving a complete stranger the keys to the front door of your house? No doorbell needed. And without detailed logging of every RDP access attempt or success, you are leaving the main entryway unattended and unprotected.
RDP is the leading cause of remote access abuse. This shocking fact can be seen as far back as the infamous Target breach in 2013, where 40 million credit and debit records and 70 million customer records were lost to cyber criminals. Fast forward to today and read our analysis of recent breaches at supply chain manufacturers in Japan [Article PUB]. Without proper credential management, you might be leaving copies of your keys out for anyone to use.
Logging
Proper log settings can help you detect suspicious RDP activity. Logs are also crucial to establishing accountability and investigating an incident. RDP logs live in a number of places, most commonly:
"Applications and Services Logs -> Windows -> TerminalServices-*"
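As an added example (not part of the original article), the PowerShell script below reads the TerminalServices operational channels and lists RDP logons by account and source address, flagging any that did not arrive from a VPN range. The `$VpnPrefix` value and the seven-day window are assumptions to adjust; the channel names and event IDs 1149, 21 and 25 are the standard Windows ones.

```powershell
# Added example. Run from an elevated PowerShell session on the RDP host.
# Assumption: $VpnPrefix is the address prefix your VPN assigns to clients (placeholder value).
$VpnPrefix = '10.8.'
$Since     = (Get-Date).AddDays(-7)

# 1149 = user authentication succeeded; 21 = session logon; 25 = session reconnect
$Sources = @(
    @{ LogName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'; Id = 1149 },
    @{ LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational';     Id = 21, 25 }
)

$events = foreach ($s in $Sources) {
    # SilentlyContinue: a channel with no matching events raises a non-terminating error
    Get-WinEvent -FilterHashtable @{ LogName = $s.LogName; Id = $s.Id; StartTime = $Since } `
                 -ErrorAction SilentlyContinue
}

$rows = foreach ($e in $events) {
    $d = ([xml]$e.ToXml()).Event.UserData.EventXML
    if ($e.Id -eq 1149) {
        # 1149 stores user, domain and source address as Param1..Param3
        $user = ('{0}\{1}' -f $d.Param2, $d.Param1).TrimStart('\')
        $addr = $d.Param3
    } else {
        $user = $d.User
        $addr = $d.Address
    }
    # Console logons are recorded with the address 'LOCAL'; skip them and empty values
    if ($addr -and $addr -ne 'LOCAL') {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            User    = $user
            Source  = $addr
            ViaVpn  = $addr.StartsWith($VpnPrefix)
        }
    }
}

# Logons that did not come through the VPN range, newest first
$rows | Where-Object { -not $_.ViaVpn } | Sort-Object Time -Descending | Format-Table -AutoSize

# Per-account summary: how many events and from which distinct sources
$rows | Group-Object User | Select-Object Name, Count,
    @{ n = 'Sources'; e = { ($_.Group.Source | Sort-Object -Unique) -join ', ' } }
```

The per-account summary is a quick way to spot a third-party account that is logging on from more sources than its contract would explain.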
Auditing
Manufacturers often require remote access for a number of third parties who need to access, integrate, or update systems remotely. The danger of leaving this access unprotected can mean a difference of several million dollars in fines, data breach and remediation costs, and IT rebuilding.
Ensure you audit third-party access on a regular basis and provision only the minimum access level required to conduct the remote business. Deprovision accounts as soon as the contract or period of service is over. Also, make sure the same strong authentication you require of your own company applies to your third-party providers.
Checklist
Follow this checklist to harden your RDP settings:
- Restrict RDP access behind a VPN
- Blacklist IP addresses at the firewall
- Enable MFA for every RDP account, especially third-party contractors
- Log every activity involving remote access using RDP across servers and endpoints
- Limit third-party remote access to time-sensitive or as-needed credentials, not permanent accounts
- Rotate usernames and passwords
- Enabling multi-factor authentication is a baseline for security
Protect your organisation's communication integrity by understanding and implementing secure RDP settings.