Remote Desktop Protocol Security

What is an RDP Attack?

Remote Desktop Protocol (RDP) attacks have been a popular way for hackers to breach the security of a device or company network.  An RDP attack takes place when an unauthorized person or entity is accessing a network through the device’s RDP ports.  The attack is commonly an actual person using brute force to hack into the RDP port, or it could be an automated technology also using brute force to access the RDP port.  Brute force is a term used when someone, or something, is guessing user credentials over and over again until they are able to gain access.

Our Defense — Disabling Ports

With the addition of our Endpoint Vulnerabilities Report and a new action for Remote Desktop Protocol at the device page, there are several places within PC Matic Pro and MSP to disable RDP ports. In order to disable RDP on a device, it must be online and have a current connection to your management console. You’ll notice in the Endpoint Vulnerabilities Report that a device may display with a grey toggle which means it is not currently connected and can’t be disabled. (See Example Below)

The device HYPERV-PCP is currently offline so we can’t disable the RDP port.

From the Actions menu at the device page, you can always enable the RDP port again if you disabled it by mistake. The enable button will only show if the RDP port is currently disabled.

If RDP is already disabled, the only button that will display here is the Enable EDP option.

279 total views, 1 views today

(Visited 1 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.