Stefan Mileschin

Managing to be both insecure and indispensable

Indispensable enterprise software Remote Desktop Protocol (RDP)enterprise computing is continuing to be a nightmare for admins.

The September 2019 Patch Tuesday round closed two remote code execution bugs in RDP, while the high-profile BlueKeep and DejaBlue vulnerabilities from earlier this year required heavy patchwork

RDP servers are the victims of choice for botnets and more than 1.5 million of them have been brute forced.

Cameyo released on Wednesday an open-source RDP monitoring tool -- appropriately titled RDPmon -- for enterprises to identify and secure against RDP attacks in its environment. The tool provides a visualisation of the number of attempted RDP connections to servers, and view of the currently running applications, the number of RDP users, and what programs those users are running, likewise providing insight to the existence of unapproved software.

RDP was designed with the intent to be run inside private networks, not accessible over the internet.

Despite that, enterprise use of RDP over the internet is sufficiently widespread that RDP servers are a high-profile, attractive target for hackers. The report says Cameyo found that Windows public cloud machines on default settings -- that is, with port 3389 open -- experience more than 150,000 login attempts per week.

https://fudzilla.com/news/49424-rdp-...rity-nightmare