Center for Internet Security (CIS) releases remote desktop protocol guide

The Long and Winding Road to Cyber Recovery

With telecommuting and remote work on the rise as a result of the COVID-19 pandemic, Remote Desktop Protocol (RDP) usage has drastically increased. RDP allows end-users to connect to organizational systems remotely, ultimately increasing productivity and reducing the need to purchase additional hardware to support those who may work both in the office and at home. While the benefits are plenty, the increased usage has also resulted in an increase in the number of targeted attacks to poorly secured network protocols and services. To combat commonly exploited protocols, the Center for Internet Security, Inc. (CIS) has released guidance to help organizations mitigate these risks to protect and defend against the most pervasive cyber threats faced today that can be exploited through RDP.

CIS’s guide, Exploited Protocols: Remote Desktop Protocol, leverages best practices from the CIS Controls and secure configuration recommendations from the CIS Benchmarks to help organizations secure their RDP from attacks. Each section provides a high-level overview of the direct mitigation for securing RDP, followed by applicable CIS Controls and CIS Benchmarks. The CIS Controls include, and are ordered by their respective mapping to the NIST Cybersecurity Framework (NIST CSF).

“Remote environments have always been a desired target for attackers to conduct a cyberattack, and COVID-19 has increased that attack surface,” said Curtis Dukes, CIS Executive Vice President & General Manager, Security Best Practices. “The purpose of the CIS guide is to provide an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack.”

Exploited Protocols: Remote Desktop Protocol addresses basic cyber hygiene and is intended to assist organizations that would like to start using RDP, or those already implementing it, secure their systems via a few low-cost, or no-cost mitigations. These are just a few of the most important recommendations for any organization using RDP:

Place RDP-enabled systems behind a Remote Desktop Gateway (RDG) or virtual private network (VPN)
Update and patch software that uses RDP
Limit access to RDP by internet protocol (IP) and port
Use complex, unique passwords for RDP-enabled accounts
Implement a session lockout for RDP-enabled accounts
Disconnect idle RDP sessions
Secure Remote Desktop Session host

RDP-based attacks can flourish not because their targets lack the most expensive software or applications, but rather because they lack basic cyber hygiene. The CIS Controls and CIS Benchmarks included in Exploited Protocols: Remote Desktop Protocol can help organizations effectively strengthen their basic cyber hygiene, and help protect against RDP-based attacks.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.