RDS TOOLS blog
May 29, 2023
February 23, 2017
RDS and TSE systems have long been favorite targets of hackers because they have access to valuable information and are relatively easy to exploit. A successful attack can result in a variety of devastating consequences, including financial loss, damage to brand reputation, and loss of customer trust. Most organizations do not recover from a major security breach, making it absolutely critical to protect your users and customers from threats that target applications and RDS server file systems.
Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). It would be fairly reasonable to assume that most of the security risk is taken on by whoever runs an RDS server, and there have been some quite infamous exploits of it in the past, for example vulnerability to pass-the-hash or MITM attacks on non-encrypted connections. We probably all still remember disabling Remote Assistance and removing the associated port exceptions in firewalls as one of the first things we did upon installing Windows. But the risks involved in using an RDP client don't seem so obvious.
Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Adversaries will likely use Credential Access techniques to acquire credentials to use with RDP. They may also use RDP in conjunction with the Accessibility Features technique for Persistence.
While you will not be able to find documentation on self-propagating exploits (i.e. viruses, trojans, or worms) taking advantage of Remote Desktop Connections through the use of the updated RDP protocol clients, there are still some risks involved with connecting to RDP servers:
We have probably left out a lot of other possibilities to abuse the user's trust in the RDP server they're establishing a session with, but the user assumes this trust anyway, failing to see the potential danger in doing so. These four example attack vectors should hopefully be enough to demonstrate that there is a clear need for using RDS-Knight to prevent brute force attacks and to protect your RDS servers.
The RDS-Knight security solution consists of a robust and integrated set of security features to protect against these Remote Desktop attacks. We are the only company that delivers a complete solution with the proven performance and security effectiveness to meet the increasing demands of hosted RDS servers.