What is remote desktop protocol?
- IAM Glossary
- What is remote desktop protocol?
Remote desktop protocol (RDP) is a network communications protocol that allows users to remotely connect to computers in a secure manner. In addition to enabling IT administrators and DevOps personnel to perform remote systems maintenance and repair, RDP allows non-technical end users to remotely access their workstations.
RDP was originally developed by Microsoft and is pre-installed on most Windows machines. Additionally, RDP clients, including open-source versions, are available for Mac OS, Apple iOS, Android and Linux/Unix systems. For example, Java Remote Desktop Protocol is an open source Java RDP client for Windows Terminal Server, while Apple Remote Desktop (ARD) is a proprietary solution for Macs.
How does remote desktop protocol work?
RDP is sometimes confused with cloud computing because both technologies enable remote work. In actuality, remote access is where the similarities between RDP and the cloud stop.
In a cloud environment, users access files and applications stored on cloud servers – not their desktop computer’s hard drive. In contrast, RDP directly connects users with desktop computers, allowing them to access files and run applications as if they were physically sitting in front of that machine. From this perspective, using RDP to connect and work on a remote computer is much like using a remote control to fly a drone, only RDP transmits data over the internet instead of using radio frequencies.
RDP requires users to install client software on the machine they’re connecting from, and server software on the machine being connected to. Once connected to the remote machine, remote users see the same desktop graphical user interface (GUI) and access files and applications the same way as they would if they were working locally.
RDP client and server software communicate through network port 3389, using the TCP/IP transport protocol to transmit mouse movements, keystrokes and other data. RDP encrypts all data in transit to prevent threat actors from intercepting it. Because of the GUI, client and server communications are highly asymmetric. While the client transmits only mouse and keyboard inputs – which consist of relatively little data – the server must transmit the data-intensive GUI.
What is RDP used for?
Even in a cloud-based world, RDP is an excellent fit for many use cases. Here are some of the most popular:
- Because RDP connects users directly to a specific machine, it’s used extensively by administrators, help desks and technical support personnel to set up, maintain, troubleshoot and repair desktop computers and servers.
- RDP provides a ready-made GUI when connecting to servers, so administrators can choose to do their work through the GUI instead of the command line interface (CLI).
- RDP enables users to use a mobile device or low-end computer to access a remote machine with far more computing power.
- Sales and marketing personnel can use RDP for demonstrations of processes or software applications that are typically only accessible on-premises.
- RDP and cloud computing can be used together. Microsoft Entra ID (Azure) customers use RDP to access virtual machines on their Entra ID (Azure) cloud instances. Some organisations use RDP to enable remote workers to access cloud environments through a virtual desktop interface (VDI), which could be simpler for non-technical users.
What are the benefits and drawbacks of RDP?
Because it connects directly to on-premise servers and computers, RDP enables remote work in organisations with legacy on-premises infrastructure, including hybrid cloud environments. In the same vein, RDP is a great option when remote users must access data that must be housed on-premises for legal or compliance reasons. IT and security administrators can restrict RDP connections to a particular machine to only a few users (even one) at a time.
However, for all the benefits of RDP, it does have some drawbacks, including:
- Since user keyboard and mouse activity must be encrypted, then transmitted over the internet to the remote machine, RDP connections suffer from latency issues, especially if the client computer has a slow internet connection.
- RDP requires the use of software on both client and server machines. While this software is pre-installed in most versions of Windows, it must still be configured and maintained. If RDP isn’t set up properly, and software updates aren’t applied promptly, significant security issues could result.
- RDP is susceptible to numerous security vulnerabilities, which we’ll discuss in the following section.
Rdp security vulnerabilities
The two biggest security vulnerabilities of RDP involve weak login credentials and the exposure of port 3389 to the internet.
Left to their own devices, employees use weak passwords, store passwords insecurely and reuse passwords across multiple accounts. This includes passwords for RDP connections. Compromised RDP credentials are a major vector for ransomware attacks. The problem is so pervasive that a popular social media meme darkly jokes that RDP really stands for “ransomware deployment protocol.”
Because RDP connections use network port 3389 by default, threat actors target this port for on-path attacks, also known as man-in-the-middle attacks. In an on-path attack, a threat actor places themselves between the client and server machines, where they can intercept, read and modify communications going back and forth.
How to secure RDP
First, decide if your organisation really needs to use RDP, or if you’d be better off with an RDP alternative, such as virtual network computing (VNC), a platform-agnostic graphical desktop sharing system. If RDP is your best option, limit access only to users who absolutely need it, and lock down access to port 3389. Options for securing port 3389 include:
- Configure firewall rules so that only allow-listed IPs can access port 3389.
- Require users to connect to a virtual private network (VPN) before they can log in to RDP.
- As an alternative to a VPN, require users to connect to RDP through a remote desktop gateway such as Keeper Connection Manager. In addition to being easier to use and less sluggish than a VPN, remote desktop gateways have session recording capabilities and enable administrators to mandate the use of multi-factor authentication (MFA).
Comprehensive password security is just as important as protecting against port-based attacks:
- Require employees to use strong, unique passwords for every account, not just RDP, and require the use of MFA. Deploy an enterprise password manager (EPM) such as Keeper to enforce these policies.
- Consider “masking” RDP passwords. This is a feature in password managers, including Keeper, that allows users to autofill a password into a login form, but the user can’t view the password.
- Don’t use the user name “Administrator,” “Admin,” or equivalent. Many automated password crackers attempt to guess the password for the administrative user, since that account has the highest privileges.
- Use rate limiting as a defense against brute-force password attacks. Rate limiting prevents password cracking bots from making hundreds or thousands of rapid-fire password-guessing attempts in a short amount of time by blocking the user after a small number of incorrect guesses.