Commonly Exploited Protocols: Remote Desktop Protocol (RDP)

Each year, billions of internet-connected systems and devices are brought online. This does not include the number of newly installed systems that are internal to a network. Of these systems, many are at risk of being exploited by attackers through a variety of vectors, including poorly secured network protocols and services.

CIS is releasing guidance to help organizations understand how to mitigate these risks, and why doing so is important, in order to protect and defend against the most pervasive cyber threats faced today. This guide explains how best to secure Remote Desktop Protocol (RDP).

Remote Desktop Protocol (RDP) Attacks

RDP, a proprietary Microsoft protocol that allows a user to connect to a system remotely over a network connection, has been widely targeted over the years. Attacks exploiting RDP often do not happen because an organization failed to purchase the latest and greatest software or application, but rather because of a lack of basic cyber hygiene. Many RDP-based attacks can be thwarted by implementing a few direct mitigations at low or no cost.

It is no secret that ransomware has been on the rise. Over the past few years, ransomware has also changed its initial infection vectors. Common vectors, such as phishing emails and software vulnerabilities, are still among the top methods. However, RDP compromise, where an attacker uses RDP to remote into a system and deploy ransomware, has been and continues to be one of the most common methods used to ransom a system.

With the massive shift to telecommuting as a result of the COVID-19 pandemic, the usage of RDP has increased dramatically. This expands the number of available systems for attackers to target and potentially compromise.

Securing RDP

CIS’s guide, Exploited Protocols: Remote Desktop Protocol, is here to help you secure RDP. It leverages security best practices from the CIS Controls and secure configuration recommendations from the CIS Benchmarks.

The guide contains:

  • A high-level overview of the direct mitigation for securing RDP
  • Why it is important to secure RDP from an attack perspective
  • Related CIS Controls and/or CIS Benchmarks for securing RDP
  • Additional supportive controls for protecting against and detecting RDP-based attacks