RDP (Remote Desktop Protocol) is a secure network communication protocol that Microsoft bought from Polycom. It allows users to remotely and securely connect to their computers. In addition, RDP is used by network administrators and DevOps teams to remotely maintain, diagnose, and repair systems. It also finds application in the field of supporting network topologies and LAN protocols.
What does the term "remote desktop" mean?
Remote Desktop is a technology that allows you to remotely control a computer or server via the Internet. This is often used by IT administrators who manage multiple users' devices at the same time using a Windows Server with Remote Desktop Services enabled or a terminal server.
It is worth noting that users sometimes confuse RDP with cloud computing, since both technologies allow you to work remotely. In fact, the similarities between RDP and the cloud end at remote access.
In the cloud, users access files and applications stored on cloud servers instead of on their desktop hard drive. In contrast, RDP directly connects users to desktop computers, allowing them to access files and run applications as if they were physically sitting in front of that computer. Both tools are useful for remote work, but they work in completely different ways.
What features does RDP have?
Smart card authentication. Allows users to access Remote Desktop using certificates stored on smart cards.
Compression of data transfer when connecting to the server. RDP optimizes network bandwidth because most of the user's screen is not updated, eliminating the need to retransmit data.
Use of multiple displays. This feature is available to IT administrators who can connect to multiple users' devices and displays.
GPU virtualization. RDP includes RemoteFX, a set of protocols that allows you to remotely deliver virtual desktops over local networks. RemoteFX improves the user experience through advanced graphics encoding and virtualization.
Audio redirection. It allows you to redirect audio from the remote desktop to the user's computer.
File system redirection. It allows you to send files from a controlled device to remote computers.
Print redirection. Applications running within a Remote Desktop session can use a printer attached to a client device to print.
Port forwarding. Applications running within a Remote Desktop session can access local ports.
How does RDP work?
RDP requires users to install client software on the machine they are connecting from and server software on the machine they are connecting to. After connecting to a remote computer, remote users see the same desktop graphical user interface (GUI) and access files and applications just as if they were working locally.
The RDP client and server software communicate over network port 3389, using the TCP/IP transport protocol to carry mouse movements, keystrokes, and other data. RDP encrypts all transmitted data so that attackers cannot intercept it. Because of the GUI, the interaction between client and server is highly asymmetrical: the client transmits only a relatively small amount of mouse and keyboard input, while the server must transmit a large amount of GUI data.
Advantages and disadvantages of RDP.
Advantages:
Organizations can choose not to use a VPN because RDP provides a secure connection from anywhere in the world;
Data is securely stored on user workstations, which means that it cannot be moved to cloud servers or stored on unprotected USB devices;
Enables remote work in organizations with legacy on-premises infrastructure, including hybrid cloud environments.
Disadvantages:
RDP connections suffer from latency issues, as all user keyboard and mouse actions must be encrypted and then transmitted over the Internet to the remote computer;
RDP is subject to numerous security vulnerabilities;
RDP can lead to reduced employee productivity.
RDP and cybersecurity
Despite all its security, RDP is subject to two main security holes:
The first problem is weak passwords that users store insecurely and use for multiple accounts. Compromised RDP credentials are a prime attack vector for ransomware.
The second problem is that the use of port 3389 in RDP connections gives a free hand to attackers who use it to carry out MitM attacks.
How can these problems be solved?
Follow these points:
Restrict access to RDP to only those users who absolutely need it, and also restrict access to port 3389;
Start using multi-factor authentication and work on creating strong passwords;
Set up firewall rules so that only allowed IP addresses can access port 3389.
And all your RDP connections will be safe!
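The checks above can be scripted on a Windows host. The following is an added example, not part of the original article: it lists who may log on over RDP, finds inbound firewall rules that open port 3389, and optionally narrows them to an allowlist. The addresses in $AllowedSources and the $Enforce switch are assumptions made for illustration.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Assumption: replace these constructed documentation addresses with your own
# administrator or jump-host ranges.
$AllowedSources = @('203.0.113.10', '198.51.100.0/24')
$Enforce = $false   # set to $true to rewrite rules; $false only reports

# Who may log on over RDP? Review and trim this group to the users who need it.
Get-LocalGroupMember -Group 'Remote Desktop Users' |
    Select-Object Name, ObjectClass, PrincipalSource

# Enabled inbound allow rules whose local port is exactly 3389 (TCP, and UDP if present).
# Rules that cover 3389 through a port range or 'Any' are not matched by this filter.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' }

$report = foreach ($rule in $rdpRules) {
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    if (($remote -contains 'Any') -and $Enforce) {
        # Replace 'Any' with the allowlist so this rule no longer admits other sources.
        $rule | Set-NetFirewallRule -RemoteAddress $AllowedSources
        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    }
    [pscustomobject]@{
        Rule       = $rule.DisplayName
        Profile    = $rule.Profile
        RemoteAddr = $remote -join ', '
        OpenToAll  = ($remote -contains 'Any')   # True means any source IP can reach 3389
    }
}
$report | Format-Table -AutoSize

# Confirm whether the RDP listener is actually up on this host.
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State
```

Any row that still shows OpenToAll as True after enforcement is a rule that accepts RDP from every source address and should be reviewed by hand.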