The Time to Increase Security Against Malware with RHUB Remote Support Servers Is Now
Security breaches have become so common that they are now part and parcel of the day’s headlines. Not all breaches share a common cause, but one thing many of them have in common is poor remote access security.
According to recent data releases, malicious hackers are now using publicly available tools to locate and identify businesses that use remote desktop applications. Remote desktop solutions such as Apple Remote Desktop, Microsoft’s Remote Desktop, Splashtop 2, Chrome Remote Desktop, LogMeIn, Pulseway, Join.Me, and others certainly provide a tremendous amount of efficiency and convenience when it comes to connecting to a computer from a remote location. Unfortunately, they can also serve as a gateway for hackers.
Once those applications have been identified, persons with malicious intent can attempt to brute-force the login feature of the remote desktop solution. Once the attacker has gained access to what was previously a secure account, it is possible to deploy point-of-sale malware. The attackers are then able to exfiltrate consumer payment data using an encrypted POST request.
This dire situation has become increasingly common. Similar attacks have been seen in PoS malware campaigns, and some studies now indicate that brute-force attacks specifically targeting the Remote Desktop Protocol (RDP) are definitely on the rise.
In some instances, remote desktop connections are provided so that employees can access their computers while working from home or from another remote location. Other remote access connections are established to allow outsourcers and IT administrators to manage and support desktops. Whatever the case may be, securing such remote desktop connections has become crucial, since they often carry critical admin-level permissions that can be exploited by hackers.
Some might argue that if an end user is only using RDP to access a single desktop, there is no threat. This is not actually the case. Even in such a situation, those credentials can be used to install malware on the system, and once an individual desktop has been compromised, hackers can use it as a base for accessing other systems.
So, what can a business do to improve remote access security? The following guidelines can help:
Begin by configuring account lockout settings so that user accounts are locked after a specified period of time. Account lockout settings can also be configured so that the account is locked after a certain number of failed login attempts, which denies an automated brute-force attack the unlimited number of unauthorized attempts it relies on.
It is also a good idea to limit the number of users who are able to log in using RDP.
Firewalls, both hardware and software, should be used in order to restrict access to remote desktop listening ports.
Password complexity requirements should be defined. Establishing a password expiration time is also an excellent way to reduce the window in which an attack can succeed.
The installation of a Remote Desktop Gateway is another way to restrict access.
Administrative privileges should be limited for users and applications.
Systems should be reviewed periodically for dormant and unknown users.
In situations in which remote access is used for technical support, security can be advanced by following a few additional guidelines:
Remote access tools should be consolidated so that all inside and external remote access can be managed and monitored.
Once a central remote access solution is implemented, there is no longer any need to open listening ports. By closing listening ports such as TCP 3389, the default RDP port, it is possible to shut off that access point for hackers.
Two-factor authentication is imperative. Additionally, each individual should be issued unique login credentials. Vendors and IT teams all too frequently share logins to save on license costs, but this weakens 2FA and makes it impossible to audit who is actually doing what on a system.
Along with limiting admin privileges for applications and users, it is also a good idea to restrict when and where users are able to remotely access the system.
Keep in mind that while reviewing the system for dormant and unknown users is a good first step, it is better to establish alerts for unexpected activity. For instance, you might set up an alert that will notify you when a login occurs on the weekend or overnight.
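The weekend and overnight alert described above, together with the failed-attempt threshold from the account lockout guideline and the shared-login concern from the 2FA guideline, as an added example (not RHUB code). The log format is a constructed, simplified stand-in for Windows Security events 4624 (logon succeeded) and 4625 (logon failed) with logon type 10 (RemoteInteractive, i.e. RDP); the thresholds, business hours, account names and IP addresses are assumptions chosen for the sample.

```python
"""Review RDP logon records for brute-force bursts, off-hours logins and
shared accounts.  Added example, not RHUB code.  The record format is a
constructed, simplified rendering of Windows Security events 4624/4625 with
logon type 10 (RemoteInteractive); real exports need a real parser."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "timestamp,event_id,account,source_ip,logon_type"
# 2024-03-09 is a Saturday; 2024-03-11 is a Monday.
SAMPLE_LOG = """\
2024-03-09T02:11:04,4625,svc_pos,203.0.113.7,10
2024-03-09T02:11:06,4625,svc_pos,203.0.113.7,10
2024-03-09T02:11:09,4625,svc_pos,203.0.113.7,10
2024-03-09T02:11:12,4625,svc_pos,203.0.113.7,10
2024-03-09T02:11:15,4625,svc_pos,203.0.113.7,10
2024-03-09T02:11:20,4624,svc_pos,203.0.113.7,10
2024-03-11T09:15:00,4624,alice,198.51.100.20,10
2024-03-11T09:16:30,4624,vendor_shared,198.51.100.40,10
2024-03-11T09:17:10,4624,vendor_shared,198.51.100.41,10
2024-03-11T09:20:00,4624,alice,198.51.100.20,3
2024-03-11T13:05:00,4625,bob,198.51.100.22,10
2024-03-12T21:45:00,4624,bob,198.51.100.22,10
"""

LOCKOUT_THRESHOLD = 5            # assumed: failures before alerting, like a lockout threshold
LOCKOUT_WINDOW = timedelta(minutes=30)
BUSINESS_HOURS = range(8, 18)    # assumed: 08:00-17:59 local time, Monday-Friday


def parse_log(text):
    """Return RDP (logon type 10) events as dicts, dropping other logon types."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, src, logon_type = line.split(",")
        if logon_type != "10":
            continue
        events.append({"time": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "account": account, "src": src})
    return events


def detect_bruteforce(events, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW):
    """Alert once when a source reaches `threshold` failures against one account
    within `window`, and again if that source then logs on successfully."""
    alerts, tripped = [], set()
    failures = defaultdict(deque)            # (account, src) -> recent failure times
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["account"], ev["src"])
        if ev["event_id"] == 4625:
            q = failures[key]
            q.append(ev["time"])
            while q and ev["time"] - q[0] > window:   # slide the window
                q.popleft()
            if len(q) >= threshold and key not in tripped:
                tripped.add(key)
                alerts.append(f"brute-force: {threshold} failures for {key[0]} "
                              f"from {key[1]} by {ev['time']:%Y-%m-%d %H:%M}")
        elif ev["event_id"] == 4624 and key in tripped:
            alerts.append(f"success after brute-force: {key[0]} from {key[1]} "
                          f"at {ev['time']:%Y-%m-%d %H:%M}")
    return alerts


def detect_off_hours(events, hours=BUSINESS_HOURS):
    """Successful RDP logons on a weekend or outside business hours."""
    alerts = []
    for ev in events:
        t = ev["time"]
        if ev["event_id"] == 4624 and (t.weekday() >= 5 or t.hour not in hours):
            alerts.append(f"off-hours logon: {ev['account']} from {ev['src']} "
                          f"at {t:%a %Y-%m-%d %H:%M}")
    return alerts


def detect_shared_accounts(events, window=timedelta(minutes=10)):
    """One account succeeding from two different sources within `window`:
    a sign of shared credentials, which defeats 2FA and per-person auditing."""
    alerts, last = [], {}                    # account -> (time, src) of last success
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4624:
            continue
        prev = last.get(ev["account"])
        if prev and prev[1] != ev["src"] and ev["time"] - prev[0] <= window:
            alerts.append(f"shared account: {ev['account']} from {prev[1]} "
                          f"and {ev['src']} within {window}")
        last[ev["account"]] = (ev["time"], ev["src"])
    return alerts


def review(text):
    """Run all three detectors over a log export and return the alerts."""
    events = parse_log(text)
    return detect_bruteforce(events) + detect_off_hours(events) + detect_shared_accounts(events)


if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```

The brute-force detector mirrors the lockout policy rather than replacing it: even when the account does lock, the alert tells you which source was hammering it, and the follow-on "success after brute-force" alert is the one that matters most. Run against the sample it reports the weekend burst against svc_pos and its eventual success, the two off-hours logons, and the vendor_shared account appearing from two addresses within a minute.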
Being proactive is always better than responding after the fact. With a full audit trail of remote access activity, it is possible to establish a warning system before real damage can be done. Security is multi-layered, and it is important to recognize that no single solution will provide all of the protection you need against a potential data breach. By locking down the initial entry pathway even further, you can significantly increase your chances of keeping hackers at bay.