Remote Desktop runs over an encrypted channel, so someone listening on the network cannot view your working session. Earlier versions of RDP were more vulnerable: a weakness in the old protocol allowed unauthorized access to a working session through a man-in-the-middle attack.
A man-in-the-middle attack (MitM) is a type of cyber attack in which an attacker intercepts the communications or data transmissions between two parties (such as a web server and a user’s browser) while they are in transit. With multi-factor authentication in place, even an attacker who snoops on the user’s traffic and captures the username and password during login cannot log in with them, because the attacker does not possess the MFA token.
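The practical defence against the legacy-RDP weakness described above is to make the listener refuse the old RDP security layer and require Network Level Authentication over TLS. The following is an added example, not code from the original article: it audits the RDP listener on a Windows host and optionally remediates it. It assumes an elevated PowerShell session on the host and the default listener name RDP-Tcp.

```powershell
# Added example (not from the original article): audit the RDP-Tcp listener's
# transport settings on a Windows host. Assumes an elevated PowerShell session.
# Value meanings (Win32_TSGeneralSetting):
#   SecurityLayer:              0 = legacy RDP security layer, 1 = negotiate, 2 = TLS
#   UserAuthenticationRequired: 1 = Network Level Authentication required
#   MinEncryptionLevel:         1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS
function Test-RdpTransportHardening {
    param([string]$TerminalName = 'RDP-Tcp')   # default listener name

    $ts = Get-CimInstance -Namespace 'root/cimv2/terminalservices' `
                          -ClassName 'Win32_TSGeneralSetting' `
                          -Filter "TerminalName='$TerminalName'"
    $findings = @()
    if ($ts.SecurityLayer -lt 2) {
        $findings += "SecurityLayer=$($ts.SecurityLayer): legacy RDP security layer permitted; set to 2 (TLS)"
    }
    if ($ts.UserAuthenticationRequired -ne 1) {
        $findings += "UserAuthenticationRequired=$($ts.UserAuthenticationRequired): NLA not enforced; set to 1"
    }
    if ($ts.MinEncryptionLevel -lt 3) {
        $findings += "MinEncryptionLevel=$($ts.MinEncryptionLevel): below High; set to 3 (or 4 for FIPS)"
    }
    [pscustomobject]@{ Listener = $TerminalName; Hardened = ($findings.Count -eq 0); Findings = $findings }
}

function Set-RdpTransportHardening {
    param([string]$TerminalName = 'RDP-Tcp')
    $ts = Get-CimInstance -Namespace 'root/cimv2/terminalservices' `
                          -ClassName 'Win32_TSGeneralSetting' `
                          -Filter "TerminalName='$TerminalName'"
    Invoke-CimMethod -InputObject $ts -MethodName SetSecurityLayer `
        -Arguments @{ SecurityLayer = [uint32]2 } | Out-Null
    Invoke-CimMethod -InputObject $ts -MethodName SetUserAuthenticationRequired `
        -Arguments @{ UserAuthenticationRequired = [uint32]1 } | Out-Null
    Invoke-CimMethod -InputObject $ts -MethodName SetEncryptionLevel `
        -Arguments @{ MinEncryptionLevel = [uint32]3 } | Out-Null
}

# Report first; remediate only after reviewing the findings.
$report = Test-RdpTransportHardening
$report | Format-List
# if (-not $report.Hardened) { Set-RdpTransportHardening; Test-RdpTransportHardening | Format-List }
```

Run the audit across the RD Gateway and the session hosts behind it; a listener that still reports SecurityLayer 0 or NLA off is exactly the configuration the old man-in-the-middle weakness depended on.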
Securing your RD Gateway doesn’t have to be hard. In fact, there are several ways to secure your two-factor authentication with the Remote Desktop Gateway.
Security Tips for Securing Remote Desktop
Using Strong Passwords
This one seems like a no-brainer. When it comes to passwords, make sure you’re using a strong one: a good mix of numbers, symbols, and letters, so that attackers can’t guess it easily with automated tools. Ideally, these passwords should be around 12 characters long and a random mix of characters. Don’t reuse the password on another site either: if one site is breached, every other site where you used that password is compromised too.
Keeping your password safe is also important. Store the password in a password vault such as LastPass, or on a protected security key, so that no one else has access to it.
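A random mix of characters should come from a cryptographic random number generator, not from a human or a plain pseudo-random function. The following is an added example, not code from the original article: it generates a password with .NET’s cryptographic RNG and checks it against the guidance above (at least 12 characters, mixed character classes). The 16-character default, the symbol set, and the three-of-four class rule are choices made here, not requirements stated in the article.

```powershell
# Added example (not from the original article): generate a random password from a
# cryptographic RNG and check it against the article's guidance (12+ characters,
# a mix of letters, digits and symbols). Defaults here are this example's own choices.
function New-RandomPassword {
    param([int]$Length = 16)
    $alphabet = [char[]]'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+[]{};:,.?'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    # Reject bytes at or above this bound so every alphabet index is equally likely
    # (taking a raw byte modulo the alphabet size would bias toward the first characters).
    $bound = 256 - (256 % $alphabet.Length)
    $chars = New-Object char[] $Length
    for ($i = 0; $i -lt $Length; $i++) {
        do { $rng.GetBytes($byte) } while ($byte[0] -ge $bound)
        $chars[$i] = $alphabet[$byte[0] % $alphabet.Length]
    }
    $rng.Dispose()
    -join $chars
}

function Test-PasswordPolicy {
    param([Parameter(Mandatory)][string]$Password)
    # -cmatch is case-sensitive; plain -match would treat [a-z] and [A-Z] alike.
    $classes = 0
    if ($Password -cmatch '[a-z]')        { $classes++ }
    if ($Password -cmatch '[A-Z]')        { $classes++ }
    if ($Password -match  '[0-9]')        { $classes++ }
    if ($Password -match  '[^A-Za-z0-9]') { $classes++ }
    ($Password.Length -ge 12) -and ($classes -ge 3)
}

# Generate until the candidate satisfies the policy (a short random string can miss a class).
do { $candidate = New-RandomPassword } until (Test-PasswordPolicy $candidate)
$candidate
```

Test-PasswordPolicy can also be used on its own to screen passwords that users or provisioning scripts propose; a password that passes the length check but falls into a single character class is still rejected.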
Using Multi-Factor Authentication
To secure two-factor authentication with Remote Desktop Gateway, consider adding another layer of security just to be sure. While two-factor authentication is still a great way to protect your Remote Desktop, adding a third layer may be just what you need to fully secure the authentication process.
If you’re using a third-party authenticator application, you can simply add a security question after the second authentication step; users can answer it quickly, so it doesn’t take up much of your users’ time when signing in.
Update Your Software
An advantage of using Microsoft’s two-factor authentication is that it automatically receives the latest security fixes in the standard Microsoft update cycle. To get maximum security from your Remote Desktop, make sure automatic updates are enabled. If you access Remote Desktop through other platforms, make sure you have the latest version, as older versions may not support high encryption and may have other security flaws.
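Enabling automatic updates on a Windows host is a policy setting, and the version of the built-in Remote Desktop client can be read from the mstsc.exe binary. The following is an added example, not code from the original article: it turns on the Windows Update automatic-update policy and reports the client version so out-of-date hosts can be found in inventory. It assumes an elevated PowerShell session on a Windows host; the 03:00 daily schedule is this example’s choice.

```powershell
# Added example (not from the original article): enforce automatic updates through the
# Windows Update policy keys and report the installed Remote Desktop client version.
# Assumes an elevated PowerShell session on a Windows host. Registry values:
#   NoAutoUpdate = 0  -> automatic updates enabled
#   AUOptions    = 4  -> download and install on the schedule below
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (-not (Test-Path $au)) { New-Item -Path $au -Force | Out-Null }
Set-ItemProperty -Path $au -Name NoAutoUpdate         -Value 0 -Type DWord
Set-ItemProperty -Path $au -Name AUOptions            -Value 4 -Type DWord
Set-ItemProperty -Path $au -Name ScheduledInstallDay  -Value 0 -Type DWord   # 0 = every day
Set-ItemProperty -Path $au -Name ScheduledInstallTime -Value 3 -Type DWord   # 03:00 local time

# Verify the policy values as written.
Get-ItemProperty -Path $au | Select-Object NoAutoUpdate, AUOptions, ScheduledInstallDay, ScheduledInstallTime

# The built-in client (mstsc.exe) is serviced with Windows; report its version so hosts
# running an old client that may lack current encryption support stand out in inventory.
$mstsc = Get-Item "$env:SystemRoot\System32\mstsc.exe"
[pscustomobject]@{
    Host          = $env:COMPUTERNAME
    ClientVersion = $mstsc.VersionInfo.ProductVersion
    OSBuild       = [System.Environment]::OSVersion.Version.ToString()
}
```

In a domain these keys are normally delivered by Group Policy rather than set by hand; the script is useful for stand-alone gateways and for verifying that the policy actually landed on a host.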
Set an Account Lockout System
As an administrator, it’s in your best interest to limit the number of incorrect login attempts allowed on an account. This prevents attackers from using automated guessing tools to gain access to your system (known as a brute-force attack).
By setting a lockout (idle timeout) period, you keep the window of opportunity short should there ever be a breach. Ideally, if a user is inactive for the time you selected (e.g., 3 minutes), the user is automatically logged out and has to log in and authenticate again. This prevents anyone from accessing information while the user is away from their computer screen.
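The two controls above, an account lockout threshold and a session idle timeout, are each a single policy setting on a Windows host, and the lockout policy is only useful if someone watches for the events it produces. The following is an added example, not code from the original article: it applies both settings and then reports accounts with repeated failed logons and lockouts from the Security log. It assumes an elevated PowerShell session on a stand-alone host (in a domain, set the lockout policy in Group Policy rather than with net accounts); the 5-attempt threshold, the 30-minute values, and the one-hour lookback are this example’s choices, and the 3-minute idle timeout is the article’s figure.

```powershell
# Added example (not from the original article): apply an account lockout policy and
# a Remote Desktop idle timeout, then look for accounts under automated guessing.
# Assumes an elevated PowerShell session on a stand-alone host; in a domain, set the
# lockout policy in Group Policy instead. Thresholds are choices made here.

# Lock the account after 5 bad passwords within 30 minutes, for 30 minutes.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# Idle timeout for Remote Desktop Services sessions: MaxIdleTime is in milliseconds,
# so 3 minutes (the article's example) is 180000. MaxDisconnectionTime ends sessions that
# were disconnected but not logged off after the same period.
$ts = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
if (-not (Test-Path $ts)) { New-Item -Path $ts -Force | Out-Null }
Set-ItemProperty -Path $ts -Name MaxIdleTime          -Value 180000 -Type DWord
Set-ItemProperty -Path $ts -Name MaxDisconnectionTime -Value 180000 -Type DWord

# Detection: accounts with repeated failed logons (event 4625) and lockouts (event 4740)
# in the Security log. In a 4625 event the target account name is Properties[5];
# in a 4740 event it is Properties[0].
function Get-SuspectedBruteForce {
    param([int]$Hours = 1, [int]$MinFailures = 5)
    $since  = (Get-Date).AddHours(-$Hours)
    $failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    $locked = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    $failed | ForEach-Object { $_.Properties[5].Value } |
        Group-Object | Where-Object { $_.Count -ge $MinFailures } |
        ForEach-Object {
            $acct = $_.Name
            [pscustomobject]@{
                Account   = $acct
                Failures  = $_.Count
                LockedOut = [bool]@($locked | Where-Object { $_.Properties[0].Value -eq $acct }).Count
            }
        } | Sort-Object Failures -Descending
}

Get-SuspectedBruteForce
```

An account that shows many failures but no lockout is worth a second look: either the threshold is not being enforced for it, or the attempts are spread across windows to stay under the limit. Feeding the 4625 and 4740 events to a central log collector lets the same query run across every gateway at once.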
However you choose to protect your two-factor authentication with Remote Desktop is entirely up to you and your company’s needs. Think about the authentication process your users go through and secure it in a way that further protects your two-factor authentication without compromising the user experience.