{"id":15382,"date":"2022-12-15T10:16:32","date_gmt":"2022-12-15T10:16:32","guid":{"rendered":"https:\/\/www.realvnc.com\/?post_type=blog&p=15382"},"modified":"2026-04-13T10:44:18","modified_gmt":"2026-04-13T09:44:18","slug":"rdp-security","status":"publish","type":"blog","link":"https:\/\/www.realvnc.com\/en\/blog\/rdp-security\/","title":{"rendered":"RDP Security: Just How Secure Is RDP Over the Internet?"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

What started out as Terminal Services, part of Windows NT 4.0 Server, back in 1998, has enabled users to remotely interact with a Windows desktop environment for more than two decades. <\/span><\/p>

But back in 1998 none of us was even thinking about the possibility that someone would (GASP!) <\/span>misuse the functionality<\/span><\/a> for their own malicious purposes; the idea of a hacker was someone targeting government networks, infrastructure, etc.<\/span>\u2014nothing even remotely close to the average business.<\/span><\/p>

Fast forward to 2022. Remote Desktop Protocol, in its current iteration, is still very much used by organizations today. That\u2019s because it still meets the simple need of remotely connecting to a Windows machine. <\/span><\/p>

But also, fast forward to the current day, which includes the need to\u00a0<\/span>secure a network<\/span><\/a>\u00a0from any external cyber risk that may exist<\/span>\u2014and the first thing that should come to mind is RDP.<\/span><\/p>

What is Remote Desktop Protocol (RDP)?<\/h2>

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that enables users to access and control a remote computer over a network connection. <\/span><\/p>

Essentially, RDP allows users to interact with a remote desktop, applications, and resources as if they were physically present at the remote computer. <\/span><\/p>

This capability is widely utilized across various industries, including <\/span>healthcare<\/span><\/a>, finance, and <\/span>education<\/span><\/a>, to facilitate remote access for employees, contractors, and partners. <\/span><\/p>

By leveraging RDP, organizations can ensure that their workforce remains productive, regardless of their physical location.<\/span><\/p>

How Does RDP Work?<\/h2>

RDP operates by establishing a secure connection between the client computer and the remote computer. The client computer sends keyboard and mouse inputs to the remote computer, which processes these inputs and sends back the display data to the client computer. <\/span><\/p>

The TCP\/IP protocol facilitates this interaction and ensures a reliable network connection. To safeguard the data transmitted between the two computers, RDP employs various encryption algorithms, such as SSL\/TLS and RC4. <\/span><\/p>

Additionally, RDP supports multiple authentication methods, including username\/password, smart cards, and biometric authentication, to verify the identity of users accessing the remote computer.<\/span><\/p>

Securing RDP is a Security Risk<\/h2>

RDP is just minding its own business, helping users be productive. So, why is it being focused on so much? When considering the service from a cybersecurity perspective, we must use the\u00a0<\/span>risk<\/span><\/em>\u00a0lens to determine its fate.\u00a0<\/span><\/p>

The reality is that using RDP (without proper compensating controls) creates <\/span>risk for an organization<\/span><\/a> as cybercriminals can exploit vulnerabilities to gain access to systems. There are a few issues with Remote Desktop Protocol that create this risk:<\/span><\/p>

Readily Available Platform<\/h3>

It\u2019s a built-in service on the \u201cserver\u201d side (whether that is a Windows desktop or server OS), with a built-in client on every Windows machine. I mean, c\u2019mon\u2014we\u2019re not even making this difficult for the threat actor!<\/span><\/p>

Directly Accessible from the Internet<\/h3>

Unlike more advanced services like\u00a0<\/span>Zero Trust Network Access,<\/span><\/em>\u00a0which scrutinizes the connection request before connecting the requesting user to the <\/span>remote desktop<\/u><\/span><\/a>, RDP connections are directly exposed to the Internet.<\/span><\/p>

Used Port is Irrelevant<\/h3>

I can\u2019t tell you how many times I\u2019ve heard \u201cI changed the port.\u201d <\/span>It doesn\u2019t matter<\/span><\/em>. Threat actors use port scanners to look for active ports, testing them to determine what service is exposed based on the response. So, move the port from 3389 to whatever you want;\u00a0<\/span>the bad guys will find it anyway<\/span><\/em>.<\/span><\/p>

Uses Single Authentication Factor<\/h3>

By default, RDP relies on AD\u2019s scrutiny of a username and password combination to provide access. This is the very same username and password that could be collected via a credential harvesting phishing scam that collects Microsoft 365 logons.<\/span><\/p>

Enable a Brute Force Attack<\/h3>

If the system hosting the RDP session is Windows 10 or earlier, it may be using a specific default account lockout policy that will <\/span>not lock out the credential<\/span><\/a> despite repeated unsuccessful attempts to log on using the same account.<\/span><\/p>

Limited Visibility<\/h3>

Unless you implement Microsoft Remote Desktop Services (the current iteration of Terminal Services), organizations may not understand which systems may have RDP enabled, which are exposed externally (especially if the systems in question are sitting in, say, a DMZ outside the firewall), and\u2014most importantly\u2014<\/span>which ones are being used<\/span><\/em>.<\/span><\/p>

Internal Access to a Compromised Remote Endpoint<\/h3>

When establishing the connection, the externally remote client wishing to access an internal Windows desktop is not considered secure. The assumption is that the\u00a0<\/span>user<\/span><\/em>\u00a0of a credential afforded remote desktop privileges is the\u00a0<\/span>owner<\/span><\/em>\u00a0of that credential.<\/span><\/p>

(Simple) VPNs don\u2019t add any security to RDP<\/h3>

Many organizations believe \u201c<\/span>RDP + VPN<\/u><\/span><\/a>\u00a0= Security.<\/span>\u201d\u00a0But that\u2019s not always\u2014if rarely\u2014true. Assuming the VPN used merely facilitates a secure channel between the externally remote endpoint and the internal system running RDP, while the connection\u2019s\u00a0<\/span>privacy<\/span><\/em>\u00a0is certainly maintained, there is no additional\u00a0<\/span>security<\/span><\/em>\u00a0in this scenario.\u00a0<\/span><\/p>

Many modern\u00a0<\/span>VPN<\/span><\/a>\u00a0services augment the security of the connection using features like multi-factor authentication, certificates present on the remote endpoint, or IP restrictions (to name just a few)<\/span>. Thus, the overall connection is more secure\u2014but not thanks to RDP itself.<\/span><\/p>

The simple truth is that for an organization today that wants to stop the misuse of Internet-facing remote access by threat actors of any nature, <\/span>all of the risks above must be eliminated<\/span><\/em>. <\/span><\/p>

The threat actor who wants to gain unauthorized access to the remote access that is in place in your organization should be met with some (if not an extremely high) degree of difficulty along the way:<\/span><\/p>