The easy way for admins to access their servers over the internet is to use the Microsoft Remote Desktop feature, which is built into all Microsoft Windows platforms. But have you asked yourself whether it is safe to publish RDP over the internet?
Microsoft described vulnerabilities in Remote Desktop that could allow remote code execution (2671387). These vulnerabilities could allow a remote attacker to run arbitrary code on the affected system by sending a sequence of crafted RDP packets. To protect systems against this bug, Microsoft recommends that users make sure automatic updates are enabled on their computers and servers; otherwise users must download and install the security update in Microsoft KB294871.
Do you think it is enough to keep automatic updates enabled while your system is exposed to the internet and using the default RDP port and settings? The answer is definitely NO. So what are the alternatives?
The following recommendations can prevent or reduce the possibility of RDP attacks:
- The best approach is not to publish RDP over the internet at all: use a VPN to reach your local network over the internet, then access your servers through RDP from inside it
- Make sure that your servers always have the latest security updates and service packs
- Consider configuring your RDP settings to enable Network Level Authentication (NLA) on Windows Vista and later OSs
- Change the default port that your systems listen on for RDP (3389). All scanners and worms use the default RDP port to attack your system, and using a non-standard RDP port will reduce the risk
- Implement a password policy inside your domain and never use easy passwords for administrator accounts
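
To check a server against the NLA, port and exposure recommendations above, the following read-only audit is an added example (not from the original post). It assumes an elevated PowerShell session, the English firewall rule group name "Remote Desktop", and Windows 8 / Server 2012 or later for the firewall cmdlets; `Get-RdpExposureAudit` is a hypothetical function name.

```powershell
# Added example: read-only audit of the local RDP configuration.
# Run from an elevated PowerShell prompt on the server being checked.
function Get-RdpExposureAudit {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $deny     = (Get-ItemProperty -Path $ts).fDenyTSConnections
    $listener = Get-ItemProperty -Path $tcp

    # fDenyTSConnections = 1 means Remote Desktop is switched off entirely.
    [pscustomobject]@{
        Check  = 'RDP enabled'
        Value  = ($deny -eq 0)
        Status = if ($deny -eq 0) { 'REVIEW: confirm RDP is needed on this host' } else { 'OK' }
    }
    # UserAuthentication = 1 means NLA is required before a session is created.
    [pscustomobject]@{
        Check  = 'Network Level Authentication'
        Value  = ($listener.UserAuthentication -eq 1)
        Status = if ($listener.UserAuthentication -eq 1) { 'OK' } else { 'FAIL: enable NLA' }
    }
    [pscustomobject]@{
        Check  = 'Listening port'
        Value  = $listener.PortNumber
        Status = if ($listener.PortNumber -eq 3389) { 'REVIEW: default port 3389' } else { 'OK' }
    }
    # Inbound Remote Desktop firewall rules that accept any source address
    # indicate direct exposure rather than VPN-only access.
    # Assumption: English rule group name, Windows 8 / Server 2012 or later.
    $open = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
    [pscustomobject]@{
        Check  = 'Firewall rules open to any source'
        Value  = @($open).Count
        Status = if (@($open).Count -gt 0) { 'FAIL: restrict RemoteAddress to VPN/management subnets' } else { 'OK' }
    }
}

Get-RdpExposureAudit | Format-Table -AutoSize -Wrap
```

A local firewall rule open to any source does not by itself prove the host is reachable from the internet; check perimeter NAT and firewall rules as well.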