What is RDP?
If you are worried about an RDP hack, it’s important to know what RDP is and whether or not your company is already using it. RDP stands for Remote Desktop Protocol and is a remote desktop solution that comes pre-installed on all Windows PCs.
Companies that range in size from a handful of employees to thousands all use RDP regularly – and often for day-to-day activities. Since Windows computers are the preferred devices in most industries, RDP is a commonly used tool for many businesses.
Whether companies are using RDP to provide remote support or share files and data remotely, Microsoft’s RDP is the remote desktop solution of choice for many precisely due to the fact that it comes already installed. As a Microsoft-only product, RDP does present some limitations if people and employees in your network are using Mac, iOS, or Linux devices [if you’re looking for broader compatibility, check out Netop’s RDP alternative]. But, the bigger issue with RDP is due to how common it is.
1] Corporate/Enterprise VPN
Companies and organizations that had to quickly mobilize for remote working environments have also had to deploy new networks such as VPNs. This growing trend has prompted hackers to exploit a wide range of publicly known vulnerabilities that are found in some VPNs.
The major drawbacks of VPNs are their encryption systems. Not all VPNs provide end to end encryption [EE2E], if not relying on weak or outdated encryption methods.
For example, VPNs using the old VPN protocol, PPTP [Point-to-Point Tunnelling Protocol], have proven to be insecure and proven to break easily. Furthermore, this type of traffic can easily be stumped by a firewall.
Because such outdated protocols can be compromised, they do not provide sufficient security in terms of data protection. Companies using corporate VPNs should be aware of the various VPN protocols and avoid using VPNs with older and less secure protocols.
VPNs run 24/7, which means organizations are less likely to check for and apply security patches on a regular basis. This also makes VPNs vulnerable and susceptible to attacks by hackers. For instance, hackers may start a phishing campaign to target remote employees in order to steal their usernames and passwords that gives them access to the VPN, and by extension, your network.
The 2015 data breach of the human resources department for the US federal government is a prime example of hackers exploiting internal data through a weak VPN.