Why RDP Vulnerabilities Need Your Attention
Remote Work Has Changed the IT Landscape
As more employees are forced to work from home due to COVID-19, there is a heightened need for tools and checks to ensure remote devices are properly secured.
The current situation has certainly rocked the foundation for how businesses function and how IT departments are able to respond. Not only are there endpoints and servers left on-premise that may be sitting idle, waiting for an attacker to come along, but sending massive fleets home to unknown territory and networks opens up a whole new can of worms.
How RDP Puts You at Risk
One vulnerability that has been plaguing the industry for over a decade, Remote Desktop Protocol (RDP) is being used more than ever to allow remote workers back into the corporate network.In late March 2020, after most non-essential businesses were forced to send workers home, search engine Shodan reported a 41.5% spike in “the number of devices exposing RDP to the internet via RDP’s default TCP port 3389.”
This protocol has seen its fair share of security holes and hardship since the beginning. Most notably, 2019 gave rise to a vulnerability known as BlueKeep that could allow attackers to remotely take control of an unpatched connected device. Further, attackers continually rely on brute force attacks to attempt to obtain credentials that have remote desktop access.
If successful, the attackers can gain access to remote workstations and servers that the accounts are authorized for. Organizations need to adopt adequate security measures to proactively protect themselves when using RDP, as well as other potential attack vectors.
Preventing RDP Exploits and Vulnerabilities
How can IT departments accurately check to make sure RDP is checked, as well as other potential security holes? The answer is simple: use a vulnerability scanner.
RDP is just one piece of the puzzle—a popular one, no doubt, but there are other flaws to look out for. Backdoors, crypto mining, peer-to-peer applications, open ports, SNMP, and even the configured Windows policies. All must be checked routinely for potential misconfiguration or susceptibility. Now that employees are working from the couch with a corporate device, or even their own, the need for heightened security has never been greater.
Use Syxsense to Manage and Secure Your Environment
Syxsense Secure offers a thorough definitions library so that devices on or off-premise can be securely checked for any of these popular vulnerabilities. Contrary to most conventional vulnerability scanners that must be stood-up on-premise with new or existing hardware, licensing, and corporate firewall rules.
Additionally, Syxsense Secure includes Syxsense Manage, where patch management comes standard. Conventional tools fall short due to the lack of any remediation capabilities as well as rudimentary patch definitions. Once devices are checked, exportable reports can easily be emailed on set schedules so that newly-discovered vulnerabilities can easily be identified and sent to the proper parties, whether in-house or third-party.
Experience the Power of Syxsense
Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.