Remote Desktop Software – Keep or kill? Your 5-Step Guide!
With the move to remote working, more of us have been relying on Remote Desktop Software to access our office desktop PCs safely and securely from home – but just how safe and secure is what we’re using?
As our remote working and access needs have skyrocketed over the past 18 months, so too has the number of cybersecurity exploits and alerts exposing various Remote Desktop Protocol (RDP) and remote desktop software vulnerabilities. What do you need to know, and what action should you take now to keep and secure the software you need and kill off what is redundant?
What is Remote Desktop Software?
You might not even be aware that this is what you are using, but if you are using remote desktop software it means you have software in place that allows you to connect and interact with a computer in another location via either an internal network, the Internet or both.
It’s important to understand that remote desktop software is different from screen sharing software. You might have meeting software or apps, for example, that allow you to share what you see on your screen with others online for presentation purposes, but you and only you remain in full control of your screen and your machine. Remote desktop software is also different from using a cloud-based service, where your files are not stored on a physical machine, but you log in to view and access them from anywhere via the cloud instead.
Remote desktop software, on the other hand, allows you, or another party with access, to not only see files or work but also to control a connected physical PC or laptop as if they were sitting directly in front of it.
Some common Remote Desktop Software names include TeamViewer, AnyDesk, Zoho Assist, Remote Desktop, Splashtop, ConnectWise Control, Screen Connect, VNC Connect, GoToAssist and others.
Why would I have Remote Desktop Software installed?
There are several ways that remote desktop software may have found its way onto your computer.
- Your company may have deployed it or installed it to facilitate you being able to access your work or office computer from home
- Your IT provider may have deployed it, or have prompted you to install it, so they can get their hands on your keyboard to resolve or remediate an IT issue you’re experiencing
- Another vendor or provider may have prompted you to install it so they can deploy or make a change to the product they provide that you are using on your computer
- You may even have been duped into downloading it via a very realistic phishing email!
Why might your remote desktop software be a problem?
Used correctly and securely and patched and updated regularly, remote desktop software is an integral and important tool in maintaining remote working access and IT support capabilities, especially for organisations still reliant on physical, on-premises infrastructure.
However, to work, remote desktop software relies on a remote desktop protocol, or “standard”. There are various protocols, but the most common is the Remote Desktop Protocol (RDP), and depending on how it is configured, RDP may leave a listening port open on the target machine, which potential attackers could exploit. They might be able to attack this port and gain access via a brute force attack (just bombarding the connection with common passwords to see if one will work), using stolen access credentials gained through a phishing attack, or, in the case of an insider attack or a disgruntled employee, using credentials they have access to within your organisation.
But RDP vulnerabilities are not the only issue.
- Weak password protection on the remote connections can make it easy for cybercriminals to break into or intercept the session and gain access to everything on a user’s computer.
- Lack of multifactor authentication on access services of any kind.
- Simple human error can leave connections or access credentials exposed.
- Lack of human verification and identification processes may cause you to fall for a malicious “support caller” who requests urgent access to your device
- Failure to maintain patches or apply updates can leave you unwittingly unprotected!
Failure to keep or kill “used” software
In the process of addressing security alerts, updates and patches for RDP or remote desktop software, we usually scan networks or devices to find out if they are exposed. Increasingly, these scans are showing a litany of unpatched and outdated remote desktop software installs that organisations have neither intentionally “kept” nor proactively “killed off”. They’ve been more or less installed, used, and then forgotten.
Typically, this will be because a particular vendor or support agent has, at some point in the past, required the software to be installed to assist with remediating some sort of incident. Once the issue is fixed and you return to work, the software remains on your system, and as more time passes it falls off your “security radar”, so to speak. Then later, when a security alert does arise, sweeps of client systems invariably show up a few remote desktop software “surprises” that IT teams either didn’t know about to start with or forgot were out there.
Actions to take now
Taking time to review what you and your team may have installed previously and forgotten, and ensuring you’ve applied the latest updates and patches, is a step you should take now. Here’s the step-by-step list of action items.
Step 1. Make sure your RDP is configured correctly, with public, internet-facing ports closed and all the latest patches and updates applied
Step 2. Ask your Managed IT Services provider to run a check on what remote desktop access software is installed across your environment.
Step 3. Determine from that list what software needs to be kept and what needs to be killed off, pronto.
Step 4. Once you have a mandated list of remote desktop support software, make sure that future installs are subject to some sort of approval process, and that you keep up to date with the latest patches, updates and alerts for your software of choice.
Step 5. Make sure you have Multifactor Authentication in place wherever you can and should!
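As an added illustration of Steps 1 to 3 (example code written for this guide's checklist, not a script from the original article or from any vendor), the PowerShell below checks one Windows machine for its RDP state and for installed remote desktop tools. The `$Approved` "keep" list is a hypothetical placeholder, and the name list is taken from the products mentioned above, with "VNC" and "ScreenConnect" broadened as an assumption to catch naming variants.

```powershell
# Added example: single-machine check for Steps 1-3. Windows only.
# Names come from the article's list; 'VNC' and 'ScreenConnect' are broadened (assumption).
$RemoteTools = 'TeamViewer','AnyDesk','Zoho Assist','Splashtop','ConnectWise Control',
               'Screen Connect','ScreenConnect','VNC','GoToAssist'
# Hypothetical mandated "keep" list (Step 4) - replace with your organisation's own.
$Approved    = @('Splashtop')

# Step 1: is RDP enabled, is Network Level Authentication required, is TCP 3389 listening?
# This shows local state only; internet exposure must be confirmed at the firewall/router.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    RdpEnabled  = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
    NlaRequired = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").UserAuthentication -eq 1
    Listening   = [bool](Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue)
} | Format-List

# Step 2: inventory installed software from the 64-bit and 32-bit uninstall registry keys.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

# Step 3: match against the remote desktop names and mark each hit keep or kill.
$pattern = ($RemoteTools | ForEach-Object { [regex]::Escape($_) }) -join '|'
$installed | Where-Object { $_.DisplayName -match $pattern } | ForEach-Object {
    $name = $_.DisplayName
    [pscustomobject]@{
        Name        = $name
        Version     = $_.DisplayVersion
        InstallDate = $_.InstallDate
        Decision    = if ($Approved | Where-Object { $name -like "*$_*" }) { 'keep' } else { 'kill' }
    }
} | Sort-Object Decision, Name | Format-Table -AutoSize
```

Portable or per-user copies of these tools do not register under the machine-wide uninstall keys, so a clean result here does not rule them out; running processes and services need a separate check.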
You can read more about the specifics of securing remote desktop access software and clients in the Australian Cyber Security Centre article on Using Remote Desktop Clients right here.
Need help to find out what you have installed and what next steps should be? Give us a call on 1300 629 786 or Contact us here.