Microsoft developed Remote Desktop Protocol (RDP) as a convenient tool for IT workers. Using this protocol, a technician can access and control another Windows computer at a remote location. An RDP connection requires that the host computer is set up to allow remote control. Once the guest computer makes the connection, the guest monitor receives output from the host computer.
The host computer receives input from the guest keyboard and mouse.
This setup allows for easy software updates and troubleshooting.
A good deal of IT work can be done from a single office.
The Expansion of RDP Connections
When most businesses were operating within local networks, RDP was not a high-security concern. Although the host desktop was under remote control, the guest desktop was still within the same physical network. Someone trying to infiltrate the system would have to get into the building.
All of this changed as internet connections became the standard for business. Other employees began to see the benefit of connecting to their work desktop from a remote location.
If the business configured its routers to allow the connection, employees could access their work stations from home or on the road. While such remote access increased productivity, it also led to an increase in security concerns. Every connection was a vulnerability.
Encrypting RDP
As early as 2003, Microsoft realized the need for encrypted RDP connections. People were using Remote Desktop Protocol for uses beyond the way it was originally designed. For several years, Microsoft included Secure Sockets Layer (SSL) encryption by default.
This kind of encryption was the industry standard for many years.
In current versions of the software, the program uses Credential Security Support Provider (CredSSP) for RDP encryption. CredSSP encrypts the connection using Transport Layer Security Protocol, a higher level of encryption. It also uses a higher level of authentication with doubly encrypted credentials.
The Issue of Legacy Software
One of the issues with RDP connections on a network is the number of versions of Windows software in existence. To provide flexibility, an employee can configure the host computer to accept connections from computers with older versions of RDP.
It will adapt its encryption level to the lower standard. If you are not careful, you can lower the level of encryption across your network with this configuration.
For the sake of overall security, it is important that all the computers on your network are running up-to-date versions of RDP.
This not only makes certain that encryption levels are the same, but also that all security fixes are current.
Encryption as Part of Overall Security
While encryption is an important part of keeping your business’ data safe, it is not the complete package. The most common breaches through RDP connections are due to human error. When connections were only made on the local network, you knew the physical locations of every desktop. If there was a problem, it had to be in your building.
Today, the connection is only as safe as the guest computer. If someone connects to your network using a laptop in a coffee shop, that secure connection is happening in a public space. For this reason, there are important security steps to take on both ends of the connections.
Protect the Host
For the host computer, it is important to use high levels of authentication, making certain that only authorized people can connect to your network.
If possible, you may want to work with a service that can restrict access on the host computer itself.
Most employees do not need full access to the contents of a desktop or your network from a remote location.
If someone should make a criminal connection using a stolen laptop, they will only have access to what the employee can normally access remotely.
Protect the Guest
For the guest computer, employees need to recognize the importance of a strong password.
Simple passwords make it far too easy for hackers to gain illegal access. It is also critical for employees to close connections when they are done. No amount of security or encryption can protect your network if the connection is already open.
RDP is an important tool for employee flexibility and productivity. Yet, it is important to recognize that these kinds of connections can also be a vulnerability.
To keep your network and data secure, be sure to explore your remote connection options.