Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Welcome, but remote visitors not admitted

Read: 848 Comments: 11 Rating: 14

It appears that the topic of working remotely is indeed vast. We deliberately don't touch upon those aspects beyond our area of expertise, such as problems related to sufficient network bandwidth and the solutions that best facilitate remote access. However, staying within the scope of anti-virus security still leaves us with quite a few issues to talk about. So, without further ado, let's get right to it.

The RDP (Remote Desktop Protocol) facilitates remote connections for Windows PCs. This feature is available to all users, unless they have a Home Windows edition installed on their computers.

To use the Remote Desktop to connect to a computer, the remote host must have a password-protected user account.

In the System Properties window, the option allowing Remote Desktop connections must be enabled. You will also need to set up a password for the current account or create a new account for RDP connections. Standard user accounts don't have sufficient permissions to grant someone remote access to the system. This permission can be provided by a system administrator.

Source

In our previous issues, we’ve often recommended that users disable the Remote Desktop option. The reasons are obvious. Just take a look at the latest statistics.

Logging in to a target machine via a Remote Desktop connection has become one of the most common attack vectors.

In some cases, the perpetrators had to mount brute-force attacks. The systems targeted may well have been using default credentials or weak passwords. The attackers may also have acquired valid credentials via other unobserved malicious activity or purchased them from another threat actor.

Source

As we repeatedly say, most users lack the IT background to configure the software they use. And because many people are now working remotely, their personal computers need to be configured too. To set up users' systems properly, system administrators have logged in to their machines remotely.

There is nothing wrong about that, and, in all likelihood, the admins have caused no harm to employee desktops and laptops. But clearly attackers can also try to log in to the same computers remotely.

#remote_access #vulnerability #Windows

Dr.Web recommends

  1. If you are not going to use Remote Desktop, disable this feature.
  2. Don't install applications that facilitate remote access on your computer.
  3. If your machine is accessible remotely, back up your personal data and, if possible, do not store corporate information on your personal PC.
  4. Use strong passwords.
  5. Don't forget to install updates!
  6. Throw the enemy off the trail. The default Remote Desktop port is 3389, but you can use an unconventional one. Organizations can assign different RDP ports for specific IP addresses.
  7. Conceal your telecommunications. For example, you can use a VPN (Virtual Private Network) tunnel to keep your Remote Desktop connections secure. Traffic transmitted over a VPN tunnel is encrypted.
  8. Limit the number of people who have access to your computer.
  9. In most Windows versions, user accounts in the administrator group still have access to remote hosts. You can disable the option for these accounts or grant remote access only to a specific administrator account.
  10. Set the maximum number of failed login attempts.
  11. Only grant Remote Desktop access for specific IP addresses.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments