Open RDP (remote desktop protocol) service

Summary

Scanning your instance has revealed that it is running an RDP (remote desktop protocol) service, and that the service is open to the world.  The RDP service typically allows users to access a GUI-based remote desktop on your instance from laptops and PCs.  The problem is that an inadequately secured instance may be vulnerable to brute-force attacks, in which a hacker guesses user names and passwords over RDP connections.

Impact

Hackers can repeatedly attempt to log in to your instance by guessing account names and passwords.  If they succeed, they will have an active login on your instance, allowing them to do other damage and possibly escalate to administrator-level access.

Solution

Our advice is as follows:

  • If you don't need to use a desktop, disable the RDP service. This is the simplest and most effective solution.
  • If you do (really) need to use RDP, then:
    • If possible, modify your instance's NeCTAR Security Groups to only allow access to the RDP port (3389) from known trusted IP addresses or network ranges.
    • Make sure that you use strong passwords on all accounts enabled for RDP access.
    • Make sure that your instance is regularly patched.
    • Follow the other advice in Securing Remote Desktop (RDP) for System Administrators.
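
One way to check the Security Group advice above is to audit the group's rules for any that still admit port 3389 from outside your trusted ranges. This is an added example, not NeCTAR's own tooling: it assumes the rules have been exported as dictionaries using the OpenStack Neutron security group rule field names, and the sample rules and the trusted range are constructed.

```python
import ipaddress

RDP_PORT = 3389
TRUSTED = ["192.0.2.0/24"]  # constructed "known trusted" range (documentation prefix)

# Constructed sample rules; keys follow the Neutron security-group-rule fields.
SAMPLE_RULES = [
    {"id": "rule-a", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 3389, "port_range_max": 3389, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "rule-b", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 3389, "port_range_max": 3389, "remote_ip_prefix": "192.0.2.0/28"},
    {"id": "rule-c", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 3000, "port_range_max": 4000, "remote_ip_prefix": "198.51.100.7/32"},
    {"id": "rule-d", "direction": "ingress", "ethertype": "IPv6", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": None},
    {"id": "rule-e", "direction": "egress", "ethertype": "IPv4", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": None},
]


def covers_rdp(rule):
    """True if the rule admits inbound TCP traffic to port 3389."""
    if rule["direction"] != "ingress" or rule["protocol"] not in (None, "tcp", "6"):
        return False
    lo, hi = rule["port_range_min"], rule["port_range_max"]
    if lo is None:
        return True  # no port range: the rule applies to every port
    return lo <= RDP_PORT <= (hi if hi is not None else lo)


def untrusted_rdp_rules(rules, trusted_cidrs):
    """Return (rule id, source) for rules exposing RDP beyond the trusted ranges."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for rule in rules:
        if not covers_rdp(rule) or rule.get("remote_group_id"):
            continue  # not RDP, or source limited to another security group's members
        # A missing prefix means "any address" for the rule's address family.
        any_addr = "::/0" if rule["ethertype"] == "IPv6" else "0.0.0.0/0"
        source = ipaddress.ip_network(rule["remote_ip_prefix"] or any_addr, strict=False)
        if not any(source.version == t.version and source.subnet_of(t) for t in trusted):
            findings.append((rule["id"], str(source)))
    return findings


if __name__ == "__main__":
    for rule_id, source in untrusted_rdp_rules(SAMPLE_RULES, TRUSTED):
        print(f"{rule_id}: RDP reachable from {source}")
```

Rules that span a wide port range or have no protocol or prefix set are reported as well, since they expose 3389 even though the port number never appears in them.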