1. Explain the security risks of devices with Remote Desktop access enabled
Answer :-
The Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that provides a graphical means of connecting to a network-connected computer.
RDP is a protocol for dangling your keyboard, mouse and display for others to use. As you might expect, a juicy protocol like this has a variety of knobs used to control its security capabilities, including controlling user authentication, what encryption is used, and more.
When dealing with the RDP protocol, there are (by default) several vulnerabilities and security risks you should know:-
1. Man-in-the-Middle (MiTM)
2. Encryption Attack
3. Denial of Service (DoS) Attack
4. RDS Misconfiguration
5. Ransomware
6. Brute-Force Attack
1. Man-in-the-Middle (MiTM)
Although the remote desktop service provides data encryption between the client and server by default, it does not provide authentication for verifying the identity of the terminal/RDSH server.
This lack of identity verification allows a malicious person, by deploying other nefarious activities, to intercept all communications sent between the client and a terminal server.
The likelihood of this type of attack depends on a hacker's ability to control connections between the client and the terminal server.
Typically, this requires the criminal to perform other attacks such as ARP (Address Resolution Protocol) spoofing or DNS (Domain Name System) spoofing, which redirect connections to the attacker before the data is sent to the legitimate server.
2. Encryption Attack
By default, the remote desktop service uses an encryption setting of Client Compatible (medium).
This level of encryption encrypts data sent between the client and the server at the maximum key strength supported by the client.
It is generally used in an environment containing mixed or earlier-version clients.
The medium setting may permit the use of weak encryption, which could be decrypted in a reasonable time frame and lead to the disclosure of sensitive information.
3. Denial of Service (DoS) Attack
Terminal servers that support Network Level Authentication (NLA) but do not have it configured present a risk.
NLA forces client computers to present user credentials for authentication before the server will create a session for that user.
As session creation is relatively resource-intensive, NLA provides a layer of defense against denial-of-service attacks, whereby a malicious user makes repeated connections to the service to prevent its legitimate use by others.
4. RDS Misconfiguration
If a user misconfigures the RDS protocol on their devices, there is a probability of attack.
All RDSH servers must be hardened and locked down to avoid any risk related to RDS misconfiguration.
5. Ransomware
Ransomware attacks are becoming more targeted in order to be more effective, and one of the primary attack vectors is the Remote Desktop Protocol (RDP). Remote desktop is exactly what the name implies: an option to remotely control a PC.
With the currently available software, it almost feels as if you were actually sitting in front of that PC, which is what makes it so dangerous.
6. Brute-Force Attack
RDP becomes vulnerable to brute-force attacks when weak passwords are used.
It is recommended to define and enforce a strong password policy for all remote desktop users that connect to your RDS collection.
RDP, if not properly configured and secured, can act as a gateway into an organization for cybercriminals to access sensitive internal resources.
Attackers can also exploit vulnerable RDP services to perform remote code execution and seize control over targeted gateways.
So, in this way, these are the security risks of devices with Remote Desktop access enabled.
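As an added example that is not part of the original answer, the following PowerShell script reads the RDP listener settings behind risks 1, 2, 3 and 6 above and reports which ones are still at the weak default. It assumes a local Windows host and an elevated PowerShell session; the registry paths and value names are the standard Terminal Server keys, and a value that is missing is reported as weak.

```powershell
# Added example (not from the original answer): audit the RDP-Tcp listener
# settings that control the MiTM, encryption, NLA/DoS and brute-force risks.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

$ts  = Get-ItemProperty -Path $tsKey
$rdp = Get-ItemProperty -Path $rdpKey

$findings = @()

# fDenyTSConnections = 1 means Remote Desktop is switched off entirely.
if ($ts.fDenyTSConnections -eq 1) {
    Write-Output 'Remote Desktop is disabled on this host; the checks below matter only if it is enabled.'
}

# Risk 3 (DoS) and risk 4: UserAuthentication = 1 requires NLA, so the server
# will not create a session until the client has authenticated.
if ($rdp.UserAuthentication -ne 1) {
    $findings += 'UserAuthentication is not 1: Network Level Authentication is not required'
}

# Risk 1 (MiTM): SecurityLayer 0 = legacy RDP security (no server identity check),
# 1 = negotiate, 2 = TLS required. Only 2 lets the client verify the server.
if (-not $rdp.SecurityLayer -or $rdp.SecurityLayer -lt 2) {
    $findings += "SecurityLayer is '$($rdp.SecurityLayer)': TLS is not required, so the server identity is unverified"
}

# Risk 2 (encryption): MinEncryptionLevel 2 = Client Compatible (medium, the default),
# 3 = High, 4 = FIPS-compliant. Below 3 a weak client can negotiate weak ciphers.
if (-not $rdp.MinEncryptionLevel -or $rdp.MinEncryptionLevel -lt 3) {
    $findings += "MinEncryptionLevel is '$($rdp.MinEncryptionLevel)': weak encryption may be negotiated"
}

# Risk 6 (brute force): password guessing only works if accounts never lock out.
$lockoutLine = (net accounts | Select-String 'Lockout threshold').ToString()
if ($lockoutLine -match 'Never') {
    $findings += 'Account lockout threshold is Never: repeated password guesses are never blocked'
}

if ($findings.Count -eq 0) {
    Write-Output 'RDP listener settings are at the hardened values.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    # Remediation for the NLA finding (the others follow the same pattern):
    # Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
}
```

Group Policy can override these registry values, so on a domain-joined host compare the output against the applied policy (gpresult) rather than treating the registry alone as authoritative.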