Advantages of using remote server remotely
Accessing your servers or desktop workstations remotely is a great way to manage them, But you should also know that remote access is a target of attack for cybercriminals.
For example, if cybercriminals gain access to your domain controller’s administrator login, they will own your Windows infrastructure, and this could quickly wreak havoc on your organization. From sending corporate emails to accounting departments, diverting your company’s intellectual property, or even encrypting all company files to retain them and then get money in exchange for a ransom, attacks targeting the protocol Remote Desktop (RDP) can be very bad.
In this context, although “RDP” is mainly mentioned here, it means all kinds of remote desktop and remote access software, including VNC, PC Anywhere, TeamViewer, etc., and not just Microsoft’s RDP. The good news is that there are many ways to protect against RDP attacks, starting with turning it off. If you really don’t need remote access, turning it off is the simplest.
If you need to allow such access, there are a variety of ways to restrict it to the good guys:
First of all, allow access only from internal IP addresses that come from your company’s VPN server. This has the added benefit of not publicly exposing the connection ports to RDP.
Speaking of port exposing, if that’s your only option, you may want to change the RDP connection port to a non-standard one to prevent simplistic worms from attacking your network through your RDP ports. However, keep in mind that most network scanners check for RDP activity on all ports, so this should be viewed as “security by obscurity” as it provides virtually no additional security against moderately sophisticated attackers. You will have to be extremely vigilant in reviewing network access and login activities in your RDP server logs as it may be more a question of when and not if an attacker accesses your network.
Second, make sure to enable multi-factor authentication (MFA) for remote users as another layer of authentication.
Third, whenever possible, only Buy RDP inbound connections from your users’ public IP addresses. The easiest way for collaborators working remotely to find their public IP address is to Google “What is your IP address” (try “What is my IP address”) and the first result will be your IP address. Remote collaborators can then provide that information to the IT or Security team so that your business or organization can create a whitelist of allowed IP addresses. It is also possible to whitelist enabled IP addresses by allowing their subnet, as dynamic IP addresses on home networks would normally remain within a subnet after router reboot or other network maintenance on the end client side.
Even if you secure your access to RDP, be aware that there have been a number of exploits against you recently, so to avoid problems, make sure it is fully patched. You can find more information on how to secure RDP in the article Why disconnect RDP from the Internet to avoid being the victim of an attack.