An Overview of RDP Security Layer: How Effective Is It? (2023)

An Overview of RDP Security Layer: How Effective Is It? (1)

By Giorgio Bonuccelli


Last updated on September 22, 2021

(Video) The Ultimate Guide to Secure Remote Desktop Connections To Safely Access Your PC over the Internet

Remote desktop protocol (RDP) is a secure network protocol developed by Microsoft that facilitates remote access. The protocol provides three kinds of secure communications for remote desktop connections: RDP security layer, negotiate and secure sockets layer (SSL).

While the RDP security layer uses native encryption mechanisms to secure connections between clients and the server, the negotiate method selects the most secure layer supported by the client. SSL, in contrast, uses the transport layer security version 1.0 (TLS 1.0) to authenticate the server if the client has a valid certificate and supports TLS 1.0.

(Video) Achieving Secure Remote Access with RDP

RDP Vulnerabilities Are a Hot Target for Cybercrimes

RDP became a popular option for organizations that needed to move employees from on-premises to hybrid working environments urgently in the wake of the coronavirus pandemic. According to Business Fortune Insights, the global remote desktop software market size was US $1.53 billion in 2019. The company projects this market share to grow at a compound annual growth rate (CAGR) of 15.1% to reach US $4.69 billion by 2027.

The popularity of RDP caused it to become a target for cybercriminals. Before the pandemic, most employees worked from their offices and used resources that IT administrators monitored closely. The shift to remote working meant enterprises had to allow employees to use their preferred devices under a bring your own device (BYOD) framework to access sensitive corporate resources via RDP.

This shift led to many mistakes and more RDP exposures. According to Kaspersky, worldwide RDP attacks surged from 93.1 million in February 2020 to 277.4 million by March 2020, representing a staggering 197% increase. While this trend went up and down throughout 2020, another significant surge came at the onset of winter lockdowns.

By February 2021, RDP attacks had skyrocketed to 377.5 million, according to Kaspersky. This underscores a massive shift from 91.3 million reported by the same company at the beginning of 2020. According to Maria Namestnikova—a security expert at Kaspersky—hastily implemented and configured remote desktop services (RDS) have played a significant role in driving RDP attacks in many enterprises.

Types of RDP Vulnerabilities

RDP has plenty of known vulnerabilities. Below are a few of them.

(Video) Securing RDP (Cover Home and Domain Networks) [Windows]

Man-in-the-middle attacks

Even though RDP encrypts data between the client and the server in default mode, it does not provide an authentication mechanism to verify the identity of the terminal server. Malicious actors can launch man-in-the-middle attacks to intercept the connection between the client and the server, compromising the communication in the process.

Encryption attacks

RDP supports two forms of encryptions: standard (also called native) and enhanced encryption. With standard encryption, most of the RDP connection sequences (handshakes) occur via a weak encryption mechanism. Malicious actors can decrypt connections at this stage in a reasonable time frame and disclose the enterprise’s sensitive resources.

Denial-of-service attacks

RDP provides two types of authentications: network-level authentication (NLA) and non-NLA. Servers that support NLA but do not have it configured are vulnerable to denial-of-service (DOS) attacks because clients must authenticate themselves before the server can create a session. Hackers can use this vulnerability to create repeated connections to the server, preventing legitimate users from accessing the service.

Keylogging attacks

With keylogging attacks, hackers create sophisticated malware that tracks all the keys users press on their keyboards while accessing RDS. Unlike other malware, these applications do not pose a severe threat to the RDS infrastructure. However, keyloggers can pose a serious threat to users, especially when hackers intercept sensitive passwords and account numbers.

EternalBlue attacks

EternalBlue attacks allow hackers to execute arbitrary codes remotely, giving them access to the network. These attacks exploit a vulnerability in the Windows OS server message block (SMB) protocol, allowing malicious actors to compromise the entire network and connected devices.

(Video) How to secure your Windows Remote Desktop RDP or Terminal Server | RDP two factor authentication

RDP Security and Encryption Levels

There are three types of security layers for RDP communications: negotiate, RDP security layer, and SSL. By default, RDS sessions use the negotiate method, where the client and remote desktop session host (RDSH) server agree on the most secure protocol the client supports. For example, if the client supports TLS 1.0, then the RDS infrastructure uses it. Otherwise, the RDS infrastructure uses the RDP security layer.

The SSL method is by far the most robust approach for securing RDS sessions. The SSL method uses the TLS 1.0 protocol to verify the identity of the RDSH server and encrypts all the connections between the client and the server. In contrast, the RDP security layer uses the native remote desktop protocol encryption mechanism to secure connections between the client and the RDSH server. Because the RDP security layer does not authenticate the RDSH server, it is prone to attacks.

When it comes to encryption, RDP supports four levels:

  • Federal information processing standards (FIPS) compliant. This level uses the FIPS 140-1 validated encryption methods to encrypt the data between the client and the RDSH server. Clients must support this level of encryption to connect.
  • High. It uses the 128-bit encryption system to encrypt data between clients and RDSH servers and vice versa. Clients must support this level of encryption to connect.
  • Client compatible. This is the default mode and uses the client’s maximum key strength to encrypt data between the client and the server.
  • Low. It uses the 56-bit encryption system to encrypt the data between the client and the server. However, this level does not encrypt data between the RDSH server and the client.

RDP Security Best Practices

Because of the ongoing RDP risks, companies providing remote access must adopt RDP best practices to secure their IT infrastructure. Let us explore some of them.

  • Always use the SSL option. TLS 1.0 provides more robust security than the RDP security layer. As such, you should always ensure you configure it when using RDS.
  • Require multi-factor authentication (MFA). MFA is a robust approach for preventing brute-force attacks and keylogging attacks. When used, MFA creates a layered defense that makes it more difficult for hackers to access the RDS infrastructure.
  • Enforce strong password policies. Always make strong passwords mandatory for users that access RDS infrastructure.
  • Enable automatic updates on the OSs. Updating the OS to the latest versions for both the client and the RDSH server eliminates known RDP vulnerabilities.
  • Always use secure connections. By default, RDS runs on port 3389. Running RDS on this port opens up the infrastructure to man-in-the-middle attacks. You can secure the RDS infrastructure by deploying an SSL-secured connection.

Parallels RAS Provides a Wide Range of Features to Secure Remote Access

Virtual desktop infrastructure (VDI) has emerged as a top choice for organizations that want to provide flexible working environments. However, VDI can make business sense only if it guarantees the security of corporate resources. Parallels® has spent over two decades researching and refining its premier VDI product: Parallels® Remote Application Server (RAS).

(Video) SSL, TLS, HTTP, HTTPS Explained

Parallels RAS has plenty of enterprise-grade features that can secure virtual applications and desktops, such as:

  • MFA. Parallels RAS allows users to authenticate to virtual workspaces via two successive steps. Enterprises can use various identity and access management (IAM) solutions such as FortiAuthenticator, Google Authenticator and RADIUS.
  • Advanced filtering. IT administrators can apply granular filtering rules to restrict access to the farm based on IP addresses, gateways, and MAC addresses.
  • Data segregation. Parallels RAS supports multi-tenant architectures, ensuring that each tenant’s data gets isolated and remains invisible to other clients.
  • Smart card authentication. Enterprises can leverage the Parallels RAS easy-to-use smart card authentication feature to allow users to access published resources.
  • Kiosk mode. IT administrators can easily transform thin and zero clients running obsolete OSs such as Windows 7 or Windows 8 into secure endpoints without replacing their underlying operating systems.
  • Robust encryption protocols. Parallels RAS supports FIPS 140-2 and SSL, allowing users to access VDI with the highest encryption standards. It also complies with various data protection regulations such as the health insurance portability and accountability act (HIPAA) and general data protection regulations (GDPRs).

Take security to the next level by downloading your free, 30-day Parallels RAS trial today!

FAQs

What is RDP security layer? ›

The SSL method uses the TLS 1.0 protocol to verify the identity of the RDSH server and encrypts all the connections between the client and the server. In contrast, the RDP security layer uses the native remote desktop protocol encryption mechanism to secure connections between the client and the RDSH server.

How secure is RDP protocol? ›

How secure is Windows Remote Desktop? Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP.

What is RDP and how it works? ›

Remote desktop protocol (RDP) is a secure network communications protocol developed by Microsoft. It enables network administrators to remotely diagnose problems that individual users encounter and gives users remote access to their physical work desktop computers.

What layer is RDP protocol? ›

Sending and receiving data through the RDP stack is essentially the same as the 7 layer OSI model for communication. The data transmitted is sectioned, directed to a channel, encrypted, wrapped, framed and packaged before going over the wire to the other party, then it goes through the same process in reverse.

Where is RDP security layer? ›

With RD Session Host Configuration selected view under Connections. Right-click RDP Listener with connection type Microsoft RDP 6.1 and choose Properties. In general tab of properties dialog box under Security, select RDP Security Layer as the Security Layer.

Why RDP is used? ›

The Remote Desktop Protocol (RDP) makes it possible for employees to connect to their work desktop computer when they work remotely.

Why is RDP a security risk? ›

The problem is that the same password is often used for RDP remote logins as well. Companies do not typically manage these passwords to ensure their strength, and they often leave these remote connections open to brute force or credential stuffing attacks.

What is more secure than RDP? ›

Although both VPN and RDP are encrypted through internet connection, a VPN connection is less accessible to threats than a remote desktop connection. For this reason, VPN is often considered more secure than RDP.

Is RDP secure by default? ›

RDP has always supported strong encryption and is by default encrypted!

Where is RDP used? ›

Raw device mapping (RDM) enables disk access in a virtual machine (VM) in the VMware server virtualization environment and allows a storage logical unit number (LUN) to be connected directly to a VM from the storage area network (SAN).

Is RDP good? ›

Our Verdict

If you have one of the upper-tier versions of Windows (Pro, Enterprise), and fair to good computer/networking chops, Microsoft's Remote Desktop Connection is an excellent free option for accessing your Windows PC from other computers or devices.

What are the 4 protocol layers? ›

4 The TCP/IP Protocol Stack is made up of four primary layers: the Application, Transport, Network, and Link layers (Diagram 1). Each layer within the TCP/IP protocol suite has a specific function. When the layers of the model are combined and transmitted, communication between systems can occur.

How many types of RDP are there? ›

There are two major categories of remote desktop software: operating-system-based and third-party solutions. The OS-based solution is provided by the same company that provides your business' OS, which means that it is baked right into the system.

Why is it called RDP? ›

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

How do you secure remote access? ›

Consider enabling full-disk encryption for laptops and other mobile devices that connect remotely to your network. Check your operating system for this option, which will protect any data stored on the device if it's lost or stolen. This is especially important if the device stores any sensitive personal information.

How do I know if RDP is encrypted? ›

You can check the encryption level on target server where you got connected, open TS Manager and check the status of RDP connection, there you see encryption level.

How secure is RDP Windows 10? ›

The Microsoft Remote Desktop Services gateway uses Secure Sockets Layer (SSL) to encrypt communications and prevents the system hosting the remote desktop protocol services from being directly exposed to the public internet.

What are the most important features of RDP? ›

The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server. RDP is designed to support different types of network topologies and multiple LAN protocols. This topic is for software developers.

Why was RDP not successful? ›

Many contractors had built shoddy houses and didn't train people under the peoples housing programme. The quality of the houses built in the province began to collapse and the size of the house was too small for people to move around.

How do you use an RDP? ›

Use Remote Desktop to connect to the PC you set up: On your local Windows PC: In the search box on the taskbar, type Remote Desktop Connection, and then select Remote Desktop Connection. In Remote Desktop Connection, type the name of the PC you want to connect to (from Step 1), and then select Connect.

What are the most common remote work security risks? ›

Cybersecurity risks associated with remote work are many and varied, including expanded attack surfaces, security skills shortages, vulnerable networks, cloud-based infrastructures and employee work habits.

Which is the most secure way to remote login? ›

Following are some of the most effective methods of securing remote access. Virtual Private Networks (VPNs) – VPNs establish an encrypted tunnel through which users can securely access sensitive information from any location.

What is the most secure access control? ›

Mandatory Access Control (MAC)

On the other end of the spectrum, mandatory access control systems (MAC) are the most secure type of access control. Only owners and custodians have access to the systems.

Is RDP hackable? ›

If an individual uses a vulnerable network to access an RDP server, a cybercriminal could more simply infiltrate the process and gain access to the server themselves. Older kinds of RDP software that haven't received security updates in a long time are also far more vulnerable to hacks.

Is RDP secure on internal network? ›

In many cases, servers with RDP publicly accessible to the internet have failed to enable multi-factor authentication (MFA). This means that an attacker who compromises a user account by exposing a weak or reused password through a brute force attack can easily gain access to a user's workstation via RDP.

Which RDP is best? ›

2 ✅ Top 10 RDP Server Provider 2022:
  • 2.1 Cloudzy.
  • 2.2 HomeRDP.
  • 2.3 Hostworld.
  • 2.4 SnTHosting.
  • 2.5 RDPGO.
  • 2.6 CoreRDP.
  • 2.7 Aminserve.
  • 2.8 HostingPanel.

What are the 5 layers of IP protocol? ›

Each host that is involved in a communication transaction runs a unique implementation of the protocol stack.
  • Physical Network Layer. The physical network layer specifies the characteristics of the hardware to be used for the network. ...
  • Data-Link Layer. ...
  • Internet Layer. ...
  • Transport Layer. ...
  • Application Layer.

Why are layers used? ›

Layering allows standards to be developed, but also to be adapted to new hardware and software over time. For example, different software packages - applications - may use the same transport, network and link layers but have their own application layer.

What are RDP tools? ›

A remote desktop connection manager or RDP client consolidates your connections in one place, so you don't have to log in to numerous remote connection sessions per day.

What is standard RDP? ›

The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server.

When did RDP started? ›

Reconstruction and Development Programme (RDP) is a South African socio-economic policy framework implemented by the African National Congress (ANC) government of Nelson Mandela in 1994 after months of discussions, consultations and negotiations between the ANC, its Alliance partners the Congress of South African Trade ...

Who created the RDP protocol? ›

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which concerns providing a user with a graphical interface to another computer. The protocol is an extension of the ITU-T T. 128 application sharing protocol.

Who invented RDP? ›

RDP was invented by Citrix in 1995 and sold as part of an enhanced version of Windows NT 3.51 called WinFrame. In 1998, Microsoft added RDP to Windows NT 4.0 Terminal Server Edition.

Is RDP more secure than VPN? ›

RDP vs VPN Security

VPNs lack access controls and session monitoring, which are both effective means of security when it comes to network access. RDP provides the additional functionality previously mentioned as well as the rare case of monitoring.

Can ransomware spread through RDP? ›

The Brute Force Attack: Ransomware via Attrition

Brute force attacks are an extremely popular method through which an attacker can deploy ransomware (such as Maze) via RDP.

Is RDP more secure than SSH? ›

SSH and RDP: Comparison, Security, and Vulnerability

Though they are quite similar, there are fundamental differences between them. SSH is considered more secure because it does not require additional tools such as a Virtual Private Network (VPN) or Multi-factor authentication (MFA) as RDP does.

Does RDP has encryption? ›

Microsoft RDP includes the following features and capabilities: Encryption. RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks.

Can RDP transfer viruses? ›

It could. Remote access solutions could leave you vulnerable. If you don't have proper security solutions in place, remote connections could act as a gateway for cybercriminals to access your devices and data. Hackers could use remote desktop protocol (RDP) to remotely access Windows computers in particular.

Can RDP be monitored? ›

1) Can Remote Desktop (RDP) Be Monitored? Yes. Using CurrentWare's remote desktop monitoring software you can monitor the computer activities of your end-users.

Does RDP transfer data? ›

On Windows OS, Remote Desktop Connection (RDC) is built-in by default, allowing users to customize their file/folder sharing settings before connecting. From there, users can easily transfer files over RDP. As you can see, learning how to transfer files over a remote desktop can be quite easy!

Is RDP exposed to the Internet? ›

However, the highest risk is the exposure of RDP on the Internet, port 3389, and allowing it to traverse directly through the firewalls to a target on the internal network. This practice is common and should absolutely be avoided.

What does RDP stand for? ›

This article describes the Remote Desktop Protocol (RDP) that's used for communication between the Terminal Server and the Terminal Server Client. RDP is encapsulated and encrypted within TCP.

Videos

1. Remote Desktop Secuirty for Windows 7 client via GPO Part 1 Getting Started
(Blue Team Security)
2. Securing Remote Desktop Protocol (RDP) on Windows Server 2008 R2 Part 1
(Blue Team Security)
3. Zero Trust Explained in 4 mins
(IBM Technology)
4. RDP systems are facing billions of attacks every month as hackers try to guess passwords
(IT & DEVOPS MASTERCLASS)
5. Hardening Windows RDP (Terminal Services)
(Phr33fall)
6. Securing Remote Desktop Protocol (RDP) on Windows Server 2012 R2 Part 1
(Blue Team Security)
Top Articles
Latest Posts
Article information

Author: Barbera Armstrong

Last Updated: 11/17/2022

Views: 6794

Rating: 4.9 / 5 (59 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Barbera Armstrong

Birthday: 1992-09-12

Address: Suite 993 99852 Daugherty Causeway, Ritchiehaven, VT 49630

Phone: +5026838435397

Job: National Engineer

Hobby: Listening to music, Board games, Photography, Ice skating, LARPing, Kite flying, Rugby

Introduction: My name is Barbera Armstrong, I am a lovely, delightful, cooperative, funny, enchanting, vivacious, tender person who loves writing and wants to share my knowledge and understanding with you.