Exposed RDP Servers: 3.5 million accidents just waiting to happen
Summary
As of April 2024 there are over 3.5 million Internet-visible Remote Desktop (RDP) servers, this equates to 3.5 million accidents just waiting to happen.
While the real-world level of risk depends on the specific server configuration and authentication mechanism, directly exposing RDP (or any other complex remoting protocol) to the Internet should always be avoided. These servers are a well known, high-value, target and every single one will be subject to continual intrusion attempts.
For any servers that are not correctly configured, it is simply a matter of time before a weak or compromised password will be used to gain access to the host and any contained data. Attackers now have a vast trove of compromised passwords at their disposal and RDP servers are a prime target for opportunistic attackers looking for their next ransomware victim.
A brief analysis of EdgeScope’s RDP data shows that this is a widespread problem in the UK. There are thousands of UK based companies with exposed RDP services, including financial services, healthcare, utilities and government agencies.
Mitigation
While strong authentication and standard server lockdown steps can help to reduce the risks, we always recommend simply getting these servers off the Internet. There is a wide array of technical solutions that can be used to provide secure access to RDP servers without them being directly exposed to the Internet, including:
Authenticated Proxy Services: Available from Amazon, Cloudflare, Google and Microsoft.
Zero Trust Solutions.
Microsoft’s Remote Desktop Gateway.
Virtual Private Networks.
Each approach does come with its own set of technical constraints but in the vast majority of cases there is a simple low cost solution that can provide secure access to RDP servers without having to run the gauntlet of direct Internet exposure.
If you do have an Internet visible RDP server then we would strongly recommend taking steps to limit your exposure.
If you need any help with this then don’t hesitate to get in touch. Our experts have over 20 years of in-depth experience analysing and securing remote access technology and can provide everything from risk management guidance through to complete packaged solutions for your business.