Commonly Exploited Protocols: Remote Desktop Protocol (RDP)


Each year, billions of internet-connected systems and devices are brought online. This does not include the number of newly-installed systems that are internal to a network. Of these systems, many are at risk of being exploited by attackers through a variety of vectors, including poorly-secured network protocols and services.

CIS is releasing guidance to help organizations understand how to mitigate these risks, and why doing so matters, so they can protect and defend against the most pervasive cyber threats faced today. This guide explains how best to secure Remote Desktop Protocol (RDP).

Remote Desktop Protocol (RDP) Attacks

RDP, a proprietary Microsoft protocol that allows a user to connect to a system remotely over a network connection, has been heavily targeted over the years. Attacks exploiting RDP are rarely the result of an organization failing to purchase the latest software or application; they usually stem from a lack of basic cyber hygiene. Many RDP-based attacks can be thwarted by a few direct mitigations that cost little or nothing to implement.

It is no secret that ransomware is on the rise. Over the past few years, its initial infection vectors have also shifted. Common vectors such as phishing emails and software vulnerabilities remain among the top methods, but RDP compromise, where an attacker uses RDP to log into a system and deploy ransomware, has been and continues to be one of the most common ways a system is ransomed.

With the massive shift to telecommuting as a result of the COVID-19 pandemic, the use of RDP has increased dramatically. This expands the number of systems available for attackers to target and potentially compromise.

Securing RDP

CIS’s guide, Exploited Protocols: Remote Desktop Protocol, is here to help you secure RDP. It leverages security best practices from the CIS Controls and secure configuration recommendations from the CIS Benchmarks.

The guide contains:

  • A high-level overview of the direct mitigation for securing RDP
  • Why it is important to secure RDP from an attack perspective
  • Related CIS Controls and/or CIS Benchmarks for securing RDP
  • Additional supportive controls for protecting against and detecting RDP-based attacks
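As an added example, not part of the CIS guide or of this post: a PowerShell audit that checks the RDP hardening settings the CIS Windows Benchmarks also cover (whether RDP is enabled at all, Network Level Authentication, the TLS security layer, the minimum encryption level), lists the inbound Windows Firewall rules that expose RDP and the remote addresses they allow, and summarises failed RDP logons from the Security log so brute-force attempts stand out. The registry paths and the Event ID 4625 property indexes are standard Windows values; the 24-hour window and the 10-failure threshold are assumptions chosen for illustration and should be tuned per environment.

```powershell
# Added example (not code from the CIS guide): audit RDP hardening, firewall exposure
# and failed RDP logons on the local host. Run from an elevated PowerShell session.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-RdpHardeningReport {
    # One row per setting: observed value and whether it meets the hardened expectation.
    $ts  = Get-ItemProperty -Path $tsKey
    $tcp = Get-ItemProperty -Path $rdpTcp

    [pscustomobject]@{ Setting = 'fDenyTSConnections (RDP disabled)'
                       Value   = $ts.fDenyTSConnections
                       Pass    = ($ts.fDenyTSConnections -eq 1)
                       Note    = 'If this host does not need RDP, disable it entirely' }
    [pscustomobject]@{ Setting = 'UserAuthentication (NLA required)'
                       Value   = $tcp.UserAuthentication
                       Pass    = ($tcp.UserAuthentication -eq 1)
                       Note    = 'NLA authenticates the user before a session is created' }
    [pscustomobject]@{ Setting = 'SecurityLayer (TLS required)'
                       Value   = $tcp.SecurityLayer
                       Pass    = ($tcp.SecurityLayer -eq 2)
                       Note    = '2 = TLS, 1 = negotiate, 0 = legacy RDP security' }
    [pscustomobject]@{ Setting = 'MinEncryptionLevel'
                       Value   = $tcp.MinEncryptionLevel
                       Pass    = ($tcp.MinEncryptionLevel -ge 3)
                       Note    = '3 = High, 4 = FIPS compliant' }
}

function Get-RdpFirewallExposure {
    # Enabled inbound rules in the built-in "Remote Desktop" group, with the
    # remote address scope of each. "Any" means the port is reachable from everywhere
    # the profile applies; scoping to a VPN or jump-host range is the usual fix.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
}

function Get-RdpLogonFailures {
    param(
        [int]$Hours     = 24,   # assumption: look back one day
        [int]$Threshold = 10    # assumption: flag sources with 10+ failures
    )
    # Event 4625 = failed logon. Property indexes follow the 4625 schema:
    # 5 = TargetUserName, 10 = LogonType, 19 = IpAddress. LogonType 10 is
    # RemoteInteractive, i.e. a full RDP session attempt.
    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[10].Value -eq 10 } |
        Group-Object { $_.Properties[19].Value } |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $_.Count
                Accounts = (($_.Group | ForEach-Object { $_.Properties[5].Value } | Sort-Object -Unique) -join ',')
            }
        } |
        Sort-Object Failures -Descending
}

Get-RdpHardeningReport  | Format-Table -AutoSize
Get-RdpFirewallExposure | Format-Table -AutoSize
Get-RdpLogonFailures -Hours 24 -Threshold 10 | Format-Table -AutoSize
```

One caveat worth knowing when reading the failure report: once NLA is enforced, a password-guessing attempt fails inside CredSSP before a RemoteInteractive session exists, and Windows frequently records that as a 4625 with LogonType 3 (Network) rather than 10. On an NLA-enabled host, extend the filter to include LogonType 3 events whose source address is external, or the brute-force attempts you most want to see will be missed.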