
Remote Desktop and How It’s a Vulnerability (Podcast)

Remote desktop protocol allows you to sign into a computer or network from another device. However, this old technology is full of vulnerabilities. In today’s episode, Dave Hodgdon and Orion Graves look at other options for giving remote access to your team.

Dave Hodgdon: Welcome to PCG Tech Tuesday. My name is Dave Hodgdon. I’m here today with PCG’s Orion Graves, a senior engineer here at PCG. Our topic today is about RDP and some of the vulnerabilities there are with your network. Good morning, OG. How are you today?

Orion Graves: Good. How are you today, Dave?

What Is Remote Desktop Protocol?

Dave: Fantastic. It’s a great day to be here. Great topic today. First of all, what is RDP?

Orion: RDP, or Remote Desktop Protocol, is used by folks to remote into resources, so whether you’re remoting into a desktop, you’re remoting into a laptop, a server, or anything else that’s either on your local network or on a remote network if you’re accessing it over some sort of VPN.

Dave: Does it matter where I remote in, whether I’m home or on the road or whatever if I’m using my phone? When you say a resource, I assume I could be anywhere. Right?

Orion: Yes. With remote desktop, it allows you to remote into other endpoints or other devices from one device or another. You could be on your laptop at home, sitting on your couch, and remote into your desktop at the office. If you’re trying to work remotely, you could be sitting at one office and trying to remote into a server somewhere else if there’s resources at the other office that you have to access.

RDP Vs. Terminal Services

Dave: RDP, I’m from old school. I always think of the word Terminal Services. Is RDP similar to Terminal Services?

Orion: Yes. So with a terminal server, you would be using, generally speaking, RDP to remote into it. That’s the way we’ve been doing it for the last, what, 20 years or so.

Dave: You’re aging yourself there.

Orion: Been at it a bit.

Why People Use Remote Desktop Protocol

Dave: Why would you use it?

Orion: It’s a simple protocol. It’s easy to set up. It’s pretty quick for folks to understand. And, like I said, it’s been something we’ve been using for God knows how long. It’s something that’s built into Windows. Devices have it in the Professional version of Windows, servers have it enabled by default, and it’s great for, as we were discussing, terminal services. If you have an application that is at one particular site that people have to access, well, you can use it to remote into a device onsite and access it. It allows for much lower latency when accessing applications.

Is RDP a Microsoft Product?

Dave: When you use the word Microsoft… RDP, is that specific to Microsoft? Are there other flavors that other companies might use, Apple, Linux, Unix? RDP, is it really specific to Microsoft?

Orion: RDP specifically is a Microsoft-only product. Other manufacturers or developers have their own flavors sort of.

Dave: Right.

Orion: But RDP is one of the most widely used. And most other software companies have moved on from their more traditional methods and have been introducing other third-party applications to do it or a more secure methodology of doing so. Whereas RDP hasn’t really changed much in the last 20 years.

Why Is RDP Vulnerable?

Dave: So, is it vulnerable? Or why is it vulnerable?

Orion: It is vulnerable for the specific reason of it’s been around forever. People have had a lot of time to go through it and find the different problems. A lot of the issue is that because it is such a simple protocol, it’s very easy to grab information from it. With RDP, basically, what’s happening is you’re essentially just getting screenshots back and forth from a remote device.

Dave: Right.

Orion: And these are all going through more or less insecure packets. It’s not a secure connection, technically speaking. It’s pretty close to just plain text when it’s going over the network.

Do VPNs Make RDP More Secure?

Dave: Would you use a VPN over RDP? Does that make it more secure?

Orion: A VPN will help to make it more secure. But if you are already on the same network as the device or you have access to the network that a device is on that somebody is RDPing to, then it’s still simple to get the information from. Or if you have access to a person’s device that is RDP, so if an employee tries to work remotely, and let’s say their home device gets infected, the bad actor could not do anything to that home device other than just skim packets for their remote desktop, and from there, they can obtain their username. They can obtain their password. They can obtain any information flowing back and forth and grab screenshots from the RDP session.

Why You Shouldn’t Use RDP for Your Remote Workforce

Dave: That sounds scary to me, Orion. It’s vulnerable. So, to me with a remote workforce, what you’re saying, if you’re using RDP from a remote workforce, that’s not the right thing to do. Right?

Orion: RDP, unfortunately, it’s something that people have been so stuck on. People have gotten used to. They’ve figured out how to use it. There are many alternatives to using the RDP when it comes down to it, but with it, it is something that we should start to push people away from.

Dave: Right. You mentioned there are workarounds for it?

Alternatives to RDP

Orion: Yep, there’s several workarounds for RDP. There are ways you can make it more secure. You could introduce SSL certificates to help to-

Dave: SSL, what’s that stand for?

Orion: SSL, that’s Secure Sockets Layer.

Dave: Perfect.

Orion: Think of it like a license. Your device says, “Hey, I have this information.” And the other endpoint says, “Hey, let me look at that. Okay, that matches up what I have.” And it allows the two endpoints to talk. Without that SSL, the only real authentication going on is the login information. “Hey, here’s my username and password. Am I allowed in?”

Dave: Right.

Orion: That’s about it.

Why You Should Disable Remote Desktop

Dave: Should it be disabled? Should companies be enforcing to disable that whether you’re… Any remote employee, should it be disabled?

Orion: By default, with most Windows desktop installations, it is disabled by default. Of course, with the work-from-home world these days, people are using it to remote into their PCs at the office. So, generally speaking, we would suggest disabling this and using some sort of alternative, whether that be using TeamViewer, whether that be using LogMeIn or some other remote desktop application. I know a lot of folks will use some of the GoToMeeting applications to do stuff like this.

Dave: Are those as secure or more secure than RDP?

Orion: Those are a lot more secure than RDP. You are going over an encrypted SSL tunnel. You are always authenticating via several different methods to get to these using, such as 2FA to log in, getting a code on your phone, getting a text on your phone, or having some sort of hardware token to log into these systems.

Whereas RDP, you can implement these things. It’s costly. It’s time-consuming. And they break easily. And you still have the issue of the protocol by itself is still an imperfect protocol. It still has so much layover from its old versions that there’s no real way to fix it other than to build something new on top of it.

Thanks for Listening to PCG Tech Tuesday

Dave: Right. Well, thanks for your great insight today, OG, on RDPs. Have a great day.

Orion: You as well, Dave. And that’s been this week’s Tech Tuesday. Join us next week for more tech tips.