Welcome, but remote visitors not admitted
Friday, July 31, 2020
It appears that the topic of working remotely is indeed vast. We deliberately don't touch upon those aspects beyond our area of expertise, such as problems related to sufficient network bandwidth and the solutions that best facilitate remote access. However, staying within the scope of anti-virus security still leaves us with quite a few issues to talk about. So, without further ado, let's get right to it.
To use Remote Desktop to connect to a computer, the remote host must have a password-protected user account.
In the System Properties window, the option allowing Remote Desktop connections must be enabled. You will also need to set up a password for the current account or create a new account for RDP connections. Standard user accounts don't have sufficient permissions to grant someone remote access to the system. This permission can be provided by a system administrator.
In our previous issues, we’ve often recommended that users disable the Remote Desktop option. The reasons are obvious. Just take a look at the latest statistics.
Logging in to a target machine via a Remote Desktop connection has become one of the most common attack vectors.
In some cases, the perpetrators had to mount brute-force attacks. The systems targeted may well have been using default credentials or weak passwords. The attackers may also have acquired valid credentials via other unobserved malicious activity or purchased them from another threat actor.
As we repeatedly say, most users lack the IT background to configure the software they use. And because many people are now working remotely, their personal computers need to be configured too. To set up users' systems properly, system administrators have logged in to their machines remotely.
There is nothing wrong with that, and, in all likelihood, the admins have caused no harm to employee desktops and laptops. But clearly attackers can also try to log in to the same computers remotely.
The Anti-virus Times recommends
- If you are not going to use Remote Desktop, disable this feature.
- Don't install applications that facilitate remote access on your computer.
- If your machine is accessible remotely, back up your personal data and, if possible, do not store corporate information on your personal PC.
- Use strong passwords.
- Don't forget to install updates!
- Throw the enemy off the trail. The default Remote Desktop port is 3389, but you can use an unconventional one. Organizations can assign different RDP ports for specific IP addresses.
- Conceal your telecommunications. For example, you can use a VPN (Virtual Private Network) tunnel to keep your Remote Desktop connections secure. Traffic transmitted over a VPN tunnel is encrypted.
- Limit the number of people who have access to your computer.
- In most Windows versions, user accounts in the administrator group can connect via Remote Desktop by default. You can disable the option for these accounts or grant remote access only to a specific administrator account.
- Set the maximum number of failed login attempts.
- Only grant Remote Desktop access for specific IP addresses.
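
The settings named in the list above can be read back from a machine to see where it stands. The following PowerShell is an added example, not part of the original article; it only reads configuration, assumes an elevated Windows PowerShell 5.1 (or later) session, and the temporary file name is arbitrary.

```powershell
# Added example (not from the original article): read-only audit of the
# Remote Desktop settings named in the checklist. Run from an elevated prompt.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 1 means incoming Remote Desktop connections are refused.
$enabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
$port    = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Who may log on over RDP. Well-known SIDs avoid localized group names:
# S-1-5-32-555 = Remote Desktop Users, S-1-5-32-544 = Administrators.
$rdpUsers = (Get-LocalGroupMember -SID 'S-1-5-32-555').Name
$admins   = (Get-LocalGroupMember -SID 'S-1-5-32-544').Name

# Account lockout threshold (0 = unlimited failed logons), read from the
# exported local security policy so the check does not depend on UI language.
$cfg = Join-Path $env:TEMP 'rdp-audit-secpol.inf'   # arbitrary temp file name
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
$m = Select-String -Path $cfg -Pattern '^LockoutBadCount\s*=\s*(\d+)'
$lockout = if ($m) { [int]$m.Matches[0].Groups[1].Value } else { 'not set' }
Remove-Item $cfg

# Enabled inbound allow rules that name the RDP port, with the remote
# addresses each rule accepts ('Any' means no source IP restriction).
$scopes = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    }

[pscustomobject]@{
    RdpEnabled         = $enabled
    Port               = $port
    IsDefaultPort      = $port -eq 3389
    RemoteDesktopUsers = $rdpUsers -join '; '
    Administrators     = $admins -join '; '
    LockoutThreshold   = $lockout
    UnrestrictedRules  = @($scopes | Where-Object RemoteAddress -eq 'Any').Rule -join '; '
} | Format-List
$scopes | Format-Table -AutoSize
```

A `LockoutThreshold` of 0 or a non-empty `UnrestrictedRules` line corresponds to the last two recommendations not being applied. Firewall rules that cover the port through a range or through "Any" local port are not matched by this check.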