For a month now, we can say without batting an eyelid that telecommuting is the fashion at the moment.
Not to say that is the norm. The coronavirus pandemic has exploded the number of people who now work remotely. However, this remote work is not without risk. For, cyber-prisoners are taking advantage of this moment to expand their action. "Remote access to servers or workstations is a great way to administer them. It is also a prime target for hackers. For example, if hackers access your domain controller's admin account, they have the keys to your Windows infrastructure and can quickly wreak havoc. ». Explains Benoit Grunemwald, Computer Expert at ESET France.
This article will also interest you: Why is telework so popular with cyber criminals?
To protect themselves and ensure that their telework is going smoothly, in an optimal security environment, administrators and IT teams must ensure the maximum integrity of the systems, on those that operate through the Remote Desktop Protocol ( RDP), i.e. all applications and other computer programs that operate through remote access. These include PC Anywhere, VNC, TeamViewer etc in addition to Microsoft's RDP. "Whether it's sending corporate emails to accounting services, hijacking your company's confidential data, or encrypting all your company's files in ransomware attacks, hackers using remote Desktop Protocol can be very dangerous. Stresses the specialist of Eset France.
In addition, there are several methods to combat computer attacks on the PDR. The first is simply to disable it. Many people leave this protocol on when they don't really need it. Unfortunately, this is a free risk that can cost them dearly. In this context when you don't need it, just turn it off.
Second, if you have chosen to use this feature, use it as a way to minimize those who have the right to access it. First, allow access to only through IP addresses to a VPN network. Preferably your company's. The advantage of such a solution lies in the fact that the different rdP connection ports will not be exposed on the internet, therefore to hackers on the lookout.
Finally, if you are exposed, or are forced to expose your ports, it is possible, to avoid attacking your network, to use a port number that is not standard. "Keep in mind, however, that most network scanners check all ports for RDP activity, which should be considered ''security through darkness'', as this provides virtually no additional security against modestly sophisticated attackers. the expert notes. On your side, vigilance is the order of the day. You will have to be in the habit of checking your network's access by checking the daily logs of your various RDP servers.
In addition, you need to enable multi-factor authentication. It's an extra layer of security. It protects you when your access credentials, such as the password, are a trade-off. Note that this measure is considered to be one of the most important. Finally, it is important not to allow incoming RDP connections only via the public IP addresses of the various users of your network. "The easiest way for remote employees to search for their public IP address is to search Google: What is my IP address. The first result will be their IP address. ». When your workers send their public email address, you will be able to make a white list of the addresses you will allow to log in. But you can also make a list of addresses authorized by authorization of their sub-networks.
If your successful RRD settings provide you with the minimum of security to begin with, you should not neglect the other measures that are required. Because no security method is 100% reliable. This is what Benoit Grunemwald points out when he says this: "Even if you secure your RDP access, it has recently been the subject of a series of exploits, so to avoid problems, make sure that all the patches and updates are done. ».
Now access an unlimited number of passwords: