How to protect Windows Remote Desktop deployments

Attackers often gain entry to your systems via remote access. As a recent example, attackers took control of software at a US water treatment facility and changed the amount of chemicals entering the system. The computers used to control the water system were reportedly unpatched Windows 7 machines and using the TeamViewer desktop sharing software. The change was noticed and reversed quickly, but the incident underscored the potential to do harm remotely in other venues.

In this era of remote working, remote access is mandatory, but so is monitoring for access and ensuring you are protecting remote access. The FBI recommends the following steps to better protect remote access:

  • Use multi-factor authentication (MFA).
  • Use strong passwords to protect Remote Desktop Protocol (RDP) credentials.
  • Ensure antivirus, spam filters and firewalls are up to date and properly configured.
  • Audit network configurations and isolate computer systems that cannot be updated.
  • Audit your network for systems using RDP, close unused RDP ports, apply MFA wherever possible, and log RDP login attempts.
  • Audit logs for all remote connection protocols.
  • Train users to identify and report attempts at social engineering.
  • Identify and suspend access of users exhibiting unusual activity.
  • Keep software updated.

Here’s how to set up your Windows network to better follow this advice.

Enable Remote Desktop auditing