Remote desktop protocol (RDP) is a way of remotely accessing a computer or server without being in the same physical location as the machine in question. Let’s say a remote worker on a three-month stint in southern Italy needs to use the office computer — that’s where an RDP connection comes into play.
Unfortunately, due to the open nature of RDP, it’s a gold mine for hackers and cyber thieves. But how exactly does it work? And how can you keep yourself from being hacked?
By understanding the security risks and practicing good internet hygiene, you should be able to use this valuable tool without becoming a victim. Here’s what to know.
What is RDP?
RDP is a Microsoft-developed protocol for network communications on Windows.
RDP gives workers access to their physical computers even if they’re halfway across the world. It also allows administrators or IT teams the ability to remotely check on a machine. This could be for either maintenance, upgrades, security updates, or anything else they may want to do on the computer.
Essentially, it allows you to use a computer or server in one location while you’re in another. This became especially important during the pandemic.
When workers and students went remote in 2020, the use of RDP jumped 41% in the first few weeks of March alone.[1] Teachers could access their school servers with all their lesson plans and notes. Workers were able to pull up their files without the use of file share sites such as Dropbox.
It’s an extremely useful tool that also has the potential to be misused by cybercriminals if you don’t properly secure your device.
How does RDP work?
RDP is a fairly complicated protocol that results in the ability to share data between machines. Let’s look at it as if you were a remote worker wanting to access the company database in a remote desktop session. Essentially, we can break RDP functionality down like this:
- You, the remote person, make a request from your workstation to the physical Windows server at the company.
- The server looks at the machine you’re making the request from to check its settings and exchange settings data.
- The server accepts your request and connects you.
- Your machine checks the security on the company server to make sure it’s safe.
- Your machine sends your security info so the server knows you’re safe.
- The server sends back licensing data letting your computer know it has permission to access it.
- Your machine checks if the server can handle your request.
- The server returns that check with its information to make sure the request is compatible.
- Each machine finalizes the connection.
- You can now exchange data.
Although this is a lengthy read, the entire process takes as long as a sip of coffee to complete. You can then use the channels created with this remote access to share data back and forth.
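As an added illustration (not from the original article), here is the first request in that sequence at the byte level, parsed to show which security protocols the client offers, including whether it offers network-level authentication. It assumes the layout in Microsoft's published RDP specification (MS-RDPBCGR): a TPKT header, an X.224 Connection Request, an optional cookie and a negotiation block; the function names and sample packets are constructed for this example.

```python
import struct

# requestedProtocols bits as defined in MS-RDPBCGR (value 0 = legacy RDP security only)
PROTOCOLS = {0x1: "TLS", 0x2: "CredSSP (NLA)", 0x4: "RDSTLS", 0x8: "CredSSP-EX (NLA)"}

def build_sample(cookie: bytes, requested: int) -> bytes:
    """Construct a sample connection request (constructed data, not a capture)."""
    body = cookie + struct.pack("<BBHI", 0x01, 0x00, 8, requested)  # RDP_NEG_REQ
    x224 = bytes([6 + len(body), 0xE0, 0, 0, 0, 0, 0]) + body
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_connection_request(data: bytes) -> dict:
    """Parse the client's first RDP message: TPKT + X.224 Connection Request."""
    if len(data) < 11:
        raise ValueError("too short for TPKT + X.224 headers")
    version, _, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("bad TPKT header")
    length_indicator, tpdu_code = data[4], data[5]
    if (tpdu_code & 0xF0) != 0xE0 or length_indicator != len(data) - 5:
        raise ValueError("not an X.224 Connection Request")
    payload = data[11:]  # skip dst-ref, src-ref and class bytes
    cookie = None
    if payload.startswith(b"Cookie: "):
        line, sep, payload = payload.partition(b"\r\n")
        if not sep:
            raise ValueError("unterminated cookie")
        cookie = line[len(b"Cookie: "):].decode("ascii", "replace")
    requested = 0  # no negotiation block means legacy RDP security only
    if len(payload) >= 8 and payload[0] == 0x01:
        _type, _flags, neg_len, requested = struct.unpack("<BBHI", payload[:8])
        if neg_len != 8:
            raise ValueError("bad RDP_NEG_REQ length")
    names = [name for bit, name in PROTOCOLS.items() if requested & bit]
    return {
        "cookie": cookie,
        "protocols": names or ["standard RDP security"],
        "offers_nla": bool(requested & (0x2 | 0x8)),
    }
```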
Should you use RDP?
You may not have a choice. RDP is a preferred method of connection for many businesses, especially if the information requires more security.
Although some companies are able to use services such as Google Docs to share workloads, some may work with more sensitive information. In that case, RDP is a secure line between the remote computer and the physical machines that doesn’t involve a third party like Google.
RDP is as safe as any other connected activity like surfing the internet or torrenting. Because it’s a form of connecting to another device, there are always risks. That’s why you should be using complex passwords, a strong and secure antivirus, and a virtual private network (VPN).
Common RDP vulnerabilities
Most RDP vulnerabilities are based on human error. Poor password health and unrestricted access are some of the most common ways hackers get in through RDP ports. In fact, there’s software built just to scan the internet for open RDP ports.
Once a cybercriminal finds a vulnerability, they can brute force their way into the machines. RDP ports are currently responsible for the majority of cyber attacks. But what do these hackers want once they’re in? Well, they can perform a number of deceitful operations when they’ve taken over.
These include but are definitely not limited to the following:
- Ransomware attacks
- Distributed Denial of Service (DDoS) attacks
- Man-in-the-Middle (MitM) attacks
- Data theft
- Smart card hijacking
- Ransomware attacks launched at others from your machine
Basically, once the threat actor has access to your machine, they have control and can do what they like.
How to secure your RDP ports
Secure remote access is an absolute must if you’re going to be using RDP. Remember, once an RDP connection is made, the hacker could gain complete control over the machine. Luckily, there are several manual and automatic ways to secure RDP ports and prevent hackers from connecting.
Restrict access
When the system administrator is setting up profiles, make sure only the people who need access to certain areas have access to those areas.
Not everyone has to have access to HR files, accounting information, etc. This reduces the risk of unauthorized access of remote desktop services during an RDP session.
Restrict login attempts
Brute force attacks happen when there are no secondary security measures in place. Restrict login attempts to three to five maximum. After that, lock access for physical and remote users. This helps prevent an attacker from endlessly trying to guess credentials.
Use authentication
In addition to restricting login attempts, make sure two-factor authentication (2FA) is enabled. You can even go as far as to insist on multi-factor authentication, which will include more than one additional method of authentication.
For extremely sensitive data, network-level authentication can assist in keeping out hackers as well as employees who don’t need certain clearances. This will not only secure access but also serve as an alert system to potentially unwanted activity.
Use an RDP monitor
RDP monitoring tools allow you to set up alerts, see who’s accessing your system, create reports on attempted RDP sessions, close ports, whitelist users, and even give you a kill switch option to shut down everything if you suspect suspicious activity.
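The kind of check a monitoring tool runs for the login-attempt limit described above can be sketched as follows (an added example, not from the original article or any particular product). It assumes simplified, constructed records modelled on Windows Security log events 4625 (failed logon) and 4624 (successful logon), and flags any source that reaches five failed remote logons within ten minutes, plus any success that follows.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, user, source IP.
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP),
# type 3 = network logon, which is how failures appear when NLA rejects the client first.
SAMPLE_EVENTS = """\
2024-03-01T09:00:05,4625,10,alice,198.51.100.7
2024-03-01T09:00:21,4624,10,alice,198.51.100.7
2024-03-01T09:14:01,4625,3,administrator,203.0.113.50
2024-03-01T09:14:03,4625,3,administrator,203.0.113.50
2024-03-01T09:14:04,4625,3,admin,203.0.113.50
2024-03-01T09:14:06,4625,3,backup,203.0.113.50
2024-03-01T09:14:09,4625,3,backup,203.0.113.50
2024-03-01T09:14:12,4624,10,backup,203.0.113.50
2024-03-01T11:30:00,4624,2,carol,-
"""

def find_rdp_bruteforce(text, max_failures=5, window=timedelta(minutes=10)):
    """Return alerts for sources that reach max_failures failed logons inside window."""
    recent = defaultdict(deque)  # source IP -> timestamps of its recent failures
    flagged = set()              # sources that have already crossed the threshold
    alerts = []
    for line in text.strip().splitlines():
        stamp, event_id, logon_type, user, src = line.split(",")
        if logon_type not in ("3", "10"):
            continue  # console, service and other local logons are out of scope
        when = datetime.fromisoformat(stamp)
        failures = recent[src]
        while failures and when - failures[0] > window:
            failures.popleft()  # drop failures that have aged out of the window
        if event_id == "4625":
            failures.append(when)
            if len(failures) >= max_failures and src not in flagged:
                flagged.add(src)
                # user = the account targeted by the attempt that crossed the threshold
                alerts.append(("lockout-threshold", src, user))
        elif event_id == "4624" and src in flagged:
            alerts.append(("success-after-bruteforce", src, user))
    return alerts
```

A single mistyped password followed by a successful logon, as in the first two sample records, produces no alert.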
Close RDP ports
If RDP isn’t being used, don’t leave it open. Making sure ports are closed at the end of each session stops those ports from being picked up during an open port scan.
Use a VPN
Using a VPN to encrypt the data being transmitted can help keep your connection secure. Although one of the best VPNs should be an addition to your RDP security measures, it shouldn’t be the only security measure you have in place.
Additional RDP security measures
- Make sure all software is up to date
- Use the best cybersecurity software
- Use strong passwords
- Limit the number of third-party vendors with access
- Stay off public internet as much as possible
Alternatives to RDP
RDP is a useful feature that became essential in 2020. Because it’s riddled with security issues, you may feel more comfortable using a different type of remote protocol. There are definitely alternatives available.
Secure Shell (SSH)
SSH is a secure protocol that provides authentication, encryption, and data integrity protection when making a connection.
Although it creates a connection from a remote computer to a company server much like the one we explored earlier, SSH encrypts the data exchanges and then authenticates them.
What this means is the data is hidden as it’s being exchanged. After the connection is made, both you and the server you’re accessing are checked to make sure it’s really you and that’s really the server.
Virtual Network Computing (VNC)
VNC is an oldie. Originally developed in 1990 as an open-source research project, it’s considered a little bit slower and less secure than other remote options.
Although there are several different types of VNC connections, if you’re looking for more speed and safety you’ll probably want to choose a different option.
File Transfer Protocol (FTP)
FTP is made for transferring files from one machine to another. Whereas RDP allows you to remotely access another machine, even using it like you would if you were there, you’ll use FTP to transfer files. Because you can use an FTP configuration with a firewall, there’s more security than an open RDP port.
Chrome Remote Desktop (CRD)
C’mon, you knew Google was going to have skin in the game. If it’s tech, Google is going to create its own product. CRD works with Chrome OS or a Chrome browser. Because you have the power of Google behind it, it has the added benefits of Google’s secure connections.
FAQs about RDP security
Is RDP more secure than a VPN?
No, RDP is more susceptible to threats than a VPN even though both are encrypted tunnels for funneling data.
Can RDP be hacked?
Yes, RDP hacking has increased significantly since 2020. Improperly secured RDP connections are the most likely way an attacker can gain access to a machine via RDP.
Can ransomware spread through RDP?
Yes, one of the main reasons for hacking an RDP connection is to install ransomware on the host computer or server — or to use the hacked device to install ransomware on another victim.
What’s safer than RDP?
Because of encryption and authentication practices, Secure Shell (SSH) is usually considered safer than using an RDP connection.
Bottom line
RDP connections are useful ways to work remotely. Before 2020, these protocols were mostly used for admins and techs who wanted to check on a machine without having to go to its location.
As our world continues to gravitate toward remote work, finding safe ways to connect will need to be a top priority. RDP connections don’t need to be retired, just secured.
Making sure you follow safety best practices, such as using a good VPN and secure antivirus, helps ensure you can continue to enjoy secure connections from anywhere. (If you decide to spend three months working remotely from Fiji though, let us know — you may have a new travel companion.)