How to avoid using RDP in Windows

CSO Online | August 21, 2019

Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it’s time to stop using it. Here’s how.


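This is Susan Bradley for CSO Online. This week I'm going to challenge you and myself. So if this little window is how you access your servers and how you manage them, I'm going to challenge you to stop using Remote Desktop Connection. So why am I saying we should stop using RDP? Mainly because there have recently been three different vulnerabilities that really showcase that we're still using pretty ancient technology that will put us at risk. In both May and August, vulnerabilities were released where basically an unauthenticated attacker can connect to the target system using RDP and send specially crafted requests for this vulnerability to that port. That is, the attacker doesn't have to authenticate on the system. They can basically throw those crafted packets at that port 3389. If the port is open and listening, they can gain access to the system, where they can install programs, view, change and delete data, with accounts that have full user rights on the system. The first vulnerability we got was potentially so serious that they even released patches for older systems. They recommended that we disable Remote Desktop Services, enable Network Level Authentication and even block port 3389 at the enterprise perimeter firewall.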
Microsoft even went so far as to release updates out to Windows XP, which I haven't seen a patch for in years, and they released it to everyone, not just those who purchase extended support contracts. So now along comes August, and we have two more RDP vulnerabilities. Once again, if the attacker has specially crafted packets, they can throw them at port 3389, and again, if they gain access, they can install programs, change or delete data, and create new accounts with full user rights. So it's something you want to really take seriously, and make sure that you patch as soon as possible, especially if you have systems that you're accessing straight to the port.

Now, it's been three months since the May updates came out regarding these RDP vulnerabilities, and in that time about a fifth of Internet-facing RDP servers haven't been patched. I want to make sure that you take this seriously and don't just think that because we haven't seen an exploit in the wild it's something not to take seriously. Open ports are vulnerable not just to exploits like this but also to brute-force attacks, where somebody sits out there and attempts to guess the password over and over again and finally gets into the system. So many times I hear of medical systems in particular, on older platforms, where the admin still uses RDP to access and to maintain the system.

If RDP is in use, and especially if it's used by attackers, it's sometimes hard to determine exactly who the good guys coming in are and who the bad guys are. The log files aren't clear. I've included a link in the article to help you determine that. Sometimes it's hard to determine which ones are the good guys and which ones are the bad guys; you sometimes have to go through step by step and look at both sides, the user side of the logs as well as the server side, to determine which things are good authentications and which ones are bad.
Back in February of this year I had an article on how to install PowerShell 5 on Windows 7 in particular. I recommended that because it enabled logging, and also you could turn on PowerShell remoting. With PowerShell remoting you don't have to open up the RDP port or use 3389. You can do it in a secure way, and in fact I recommend that you do it over TLS or SSL, and I've got some recommendations on how to do that as well. But just a reminder again: if this is how you connect to your servers and manage them, I want to challenge you to stop doing that and think about other ways you can script the same things. PowerShell remoting is a very, very powerful tool, so that you don't have to use port 3389 and expose yourself to additional risks. And don't forget to sign up for the IDG Tech Talk channel out there on YouTube. Until next time, this is Susan Bradley for CSO Online.
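The mitigations named in the transcript (require Network Level Authentication, disable RDP, block port 3389, and manage the server with PowerShell remoting over TLS) can be scripted as below. This is an added example, not code from the video or the linked articles. It assumes Windows Server 2012 or later, an elevated session, a placeholder host name, and a CA-issued server certificate already installed in the machine store.

```powershell
# Added example. Run elevated from the console or an existing remoting session:
# step 2 turns RDP off, which ends any RDP session you are using to run it.
$dnsName = 'server01.example.internal'   # placeholder host name (assumption)

# 1. Report the current RDP exposure of this host.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
[pscustomobject]@{
    RdpDisabled   = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 1
    NlaRequired   = (Get-ItemProperty -Path $rdp).UserAuthentication -eq 1
    Listening3389 = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen `
                            -ErrorAction SilentlyContinue)
}

# 2. Require NLA, disable Remote Desktop, and block inbound 3389 on the host firewall.
Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1
Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 1
New-NetFirewallRule -DisplayName 'Block inbound RDP 3389' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -Action Block

# 3. Enable PowerShell remoting and add a TLS (HTTPS, port 5986) listener.
#    Assumption: a valid certificate for $dnsName is in Cert:\LocalMachine\My.
Enable-PSRemoting -Force
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$dnsName*" -and $_.HasPrivateKey -and
                   $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid certificate for $dnsName in LocalMachine\My" }

New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force
New-NetFirewallRule -DisplayName 'WinRM over HTTPS 5986' -Direction Inbound `
    -Protocol TCP -LocalPort 5986 -Action Allow

# 4. From the admin workstation (which must trust the issuing CA):
#    Enter-PSSession -ComputerName server01.example.internal -UseSSL -Credential (Get-Credential)
```

The host firewall rule in step 2 complements, and does not replace, the block at the perimeter firewall that the transcript mentions.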