Center for Internet Security (CIS) Releases Remote Desktop Protocol (RDP) Guide

Open-source reports indicate that over 3.5 million internet-connected devices have RDP open publicly, greatly increasing the chance for attack by cybercriminals. Multi-State Information Sharing & Analysis Center® (MS-ISAC®) data identifies RDP as one of the top attacked protocols.


EAST GREENBUSH, N.Y., Nov. 30, 2020 – With telecommuting and remote work on the rise as a result of the COVID-19 pandemic, Remote Desktop Protocol (RDP) usage has drastically increased. RDP allows end-users to connect to organizational systems remotely, ultimately increasing productivity and reducing the need to purchase additional hardware to support those who may work both in the office and at home. While the benefits are plenty, the increased usage has also resulted in an increase in the number of targeted attacks on poorly secured network protocols and services. To counter attacks on commonly exploited protocols, the Center for Internet Security, Inc. (CIS®) has released guidance to help organizations mitigate these risks and defend against the most pervasive cyber threats faced today that can be carried out through RDP.

CIS’s guide, Exploited Protocols: Remote Desktop Protocol, leverages best practices from the CIS Controls® and secure configuration recommendations from the CIS Benchmarks to help organizations secure their RDP from attacks. Each section provides a high-level overview of the direct mitigation for securing RDP, followed by applicable CIS Controls and CIS Benchmarks. The CIS Controls include, and are ordered by, their respective mapping to the NIST Cybersecurity Framework (NIST CSF).

“Remote environments have always been a desired target for attackers to conduct a cyber-attack, and COVID-19 has increased that attack surface,” said Curtis Dukes, CIS Executive Vice President & General Manager, Security Best Practices. “The purpose of the CIS guide is to provide an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack.”

Exploited Protocols: Remote Desktop Protocol addresses basic cyber hygiene and is intended to help organizations that would like to start using RDP, or those already implementing it, secure their systems via a few low-cost or no-cost mitigations. These are just a few of the most important recommendations for any organization using RDP:

  • Place RDP-enabled systems behind a Remote Desktop Gateway (RDG) or virtual private network (VPN)
  • Update and patch software that uses RDP
  • Limit access to RDP by internet protocol (IP) and port
  • Use complex, unique passwords for RDP-enabled accounts
  • Implement a session lockout for RDP-enabled accounts
  • Disconnect idle RDP sessions
  • Secure Remote Desktop Session host

RDP-based attacks can flourish not because their targets lack the most expensive software or applications, but rather because they lack basic cyber hygiene. The CIS Controls and CIS Benchmarks included in Exploited Protocols: Remote Desktop Protocol can help organizations effectively strengthen their basic cyber hygiene, and help protect against RDP-based attacks.

About CIS:

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. elections offices. To learn more, visit or follow us on Twitter: @CISecurity.

Contact: Autum Pylant
