After over a year of research, my book on how to secure your RDS environments was published. Teleworking was increasingly being relied upon as this book was in the works, and now teleworking appears to be here to stay for many.
Therefore, given how many of you are standing up new Remote Desktop Services deployments or expanding existing ones to facilitate teleworking, it’s imperative to stay focused on RDS security. Hackers and APT (Advanced Persistent Threat) teams are always hard at work. Don’t unwittingly let them in.
This book first walks you through how attackers find your RDS deployments, using normal search engines and device fingerprinting search engines like Shodan. Then I show you the tools hackers use to break into your environment, by performing dictionary attacks, man-in-the-middle compromises, or client-side credential stealing. Next, I illustrate some of the most common techniques and scripts they will use to escalate their privileges from a lowly standard user all the way up to local admin and domain admin, and how they are able to deploy and run these scripts and malware on your servers.
Finally, I discuss the major types of defenses you can deploy to reduce the likelihood of being attacked, and how to mitigate the damage if you are.
A Step Further With The Remote Desktop Commander Suite
The book – just $9.99 on Amazon Kindle by the way – provides plenty of ideas, tips, and tricks that readers can leverage quickly.
To take it a step further, RDPSoft’s cost-effective Remote Desktop Commander Suite can dramatically expand your capabilities. Here are some YouTube videos you can access right now that demonstrate various tactics at work:
- Monitor a Remote Desktop Gateway for logins and login failures, and use IP geolocation techniques to see if user accounts have been compromised.
- See which applications are using up the most CPU and memory on your terminal servers, and determine average CPU and memory use per user.
- Review connection statistics like RDP latency and RDP bandwidth use.
- Do some user activity monitoring and time tracking, including screenshot recording.
Remember: If they haven’t already, hackers and APT (Advanced Persistent Threat) teams could come knocking at your door anytime. Don’t unwittingly let them in.
Updated: May 2022.