steven36 Posted September 28, 2018 Share Posted September 28, 2018 Government agencies remind users that RDP can be used for malicious purposes by criminal actors. Remote Desktop Protocol (RDP) can be a huge boon to IT departments that need remote administration capabilities for branch offices, remote locations, and workers in the field. But the same qualities that make RDP so valuable for support make it just as useful for malicious activities. The FBI Internet Crime Complaint Center (IC3), in collaboration with DHS, is reminding professionals to be careful with their use of RDP and similar protocols to insure that legitimate users and applications are the only ones sharing desktops in the enterprise. Failure to take proper precautions can open the door to a host of malware, including ransomware from CrySIS to SamSam. The bulletin from IC3 warns that RDP exploits can be difficult to spot because they require no user input. Constantly monitoring traffic broken out by protocol, limiting the use of RDP, keeping systems current on updates, and moving to multi-factor authentication wherever possible, are some of the key ways to defend against such attacks, it said. For more, read here Source. Link to comment Share on other sites More sharing options...
straycat19 Posted September 29, 2018 Share Posted September 29, 2018 There is no greater RDP threat than a stupid user who believes all the popups about Microsoft seeing that you have malware on your system and call a number to give up your hard earned money for nothing. Once they do that they are forever at the mercy of the scammers. Organizations can take care of themselves, but I have seen too many (one is too many) senior citizens bilked out of their limited income by these scammers. Microsoft ought to remove RDP from non enterprise versions of windows. Link to comment Share on other sites More sharing options...
dcs18 Posted September 29, 2018 Share Posted September 29, 2018 Those who prefer to implement the blacklist policy can block RDP (Remote Desktop Protocol,) with the following firewall block rule:— Local System:— Block Protocol:— TCP Local Port:— 3389 Direction:— Incoming Those firewall Users who use the whitelist policy won't need to create any additional rule/s to block the RDP (Remote Desktop Protocol,) vulnerability. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.