How to Block RDP Proxy Attacks

September 24, 2024

Remote Desktop Protocol (RDP) allows employees to connect to their work desktop from a remote location. This is important for businesses that have multiple offices, employees working in different time zones, or staff who telework. However, RDP has many security risks that can be exploited by cybercriminals.

For example, RDP uses TCP port 3389 by default, making it easy for attackers to intercept communication by launching a man-in-the-middle attack. In addition, a dictionary-based brute-force attack on an RDP server can reveal passwords and expose the system to malware. Older versions of Windows also contain security flaws like BlueKeep that make it possible for hackers to infiltrate and take control of an organization's network.

How to Block RDP Proxies to Prevent Fraudulent Activities

In fact, xDedic, a popular crime forum that once sold hacked RDP access to users, had over 80,000 hacked servers for sale in 2019. Hackers rely on proxies to bypass security measures, including logging, and to avoid detection by anti-virus and firewall software.

Fortunately, organizations can reduce the risk of RDP-based fraud by monitoring RDP connections and limiting them to non-administrator user accounts. They can also implement strong password requirements, multi-factor authentication, and account lockout policies. Furthermore, enabling Network Level Authentication (NLA) on RDP (which is enabled by default in newer versions of Windows) can help prevent attacks. Finally, ensuring that both the client and server software are automatically updated with Microsoft's latest security patches can also be helpful.
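To make the monitoring advice concrete, here is an added example (not from the original post) that scans logon records for a burst of failed RDP logons from one source and for successful RDP logons that follow such a burst or use an administrator account. The event records, IP addresses, account names, and thresholds are constructed for illustration; treating logon type 3 as RDP is an assumption that fits hosts where RDP is the only exposed network logon service.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); with NLA, failures are often logged as type 3.
RDP_LOGON_TYPES = {3, 10}  # assumption: type 3 on this host is RDP traffic

def _ev(ts, event_id, logon_type, user, ip):
    return {"time": datetime.fromisoformat(ts), "id": event_id,
            "logon_type": logon_type, "user": user, "ip": ip}

# Constructed sample records (documentation IP ranges, made-up account names).
SAMPLE_EVENTS = (
    [_ev(f"2024-09-24T03:10:{s:02d}", 4625, 3, "administrator", "203.0.113.7")
     for s in range(0, 48, 8)]                       # 6 failures in 40 seconds
    + [_ev("2024-09-24T03:11:05", 4624, 10, "administrator", "203.0.113.7"),
       _ev("2024-09-24T08:00:00", 4625, 10, "alice", "198.51.100.20"),
       _ev("2024-09-24T08:00:30", 4624, 10, "alice", "198.51.100.20")]
)

def bruteforce_sources(events, threshold=5, window=timedelta(minutes=2)):
    """Return {ip: time the failure threshold was first reached} for RDP logons."""
    recent, flagged = defaultdict(deque), {}
    for e in sorted(events, key=lambda e: e["time"]):
        if e["id"] != 4625 or e["logon_type"] not in RDP_LOGON_TYPES:
            continue
        q = recent[e["ip"]]
        q.append(e["time"])
        while e["time"] - q[0] > window:     # drop failures outside the sliding window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(e["ip"], e["time"])
    return flagged

def risky_rdp_logons(events, admins=frozenset({"administrator"})):
    """Successful RDP logons that follow a failure burst or use an admin account."""
    flagged = bruteforce_sources(events)
    findings = []
    for e in sorted(events, key=lambda e: e["time"]):
        if e["id"] != 4624 or e["logon_type"] != 10:
            continue
        reasons = []
        if e["ip"] in flagged and e["time"] >= flagged[e["ip"]]:
            reasons.append("success-after-bruteforce")
        if e["user"].lower() in admins:
            reasons.append("admin-account-over-rdp")
        if reasons:
            findings.append((e["ip"], e["user"], reasons))
    return findings
```

A single mistyped password followed by a successful logon, as in the constructed `alice` records, is not reported; only the source that crossed the failure threshold and then logged in is.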
