What Is Remote Desktop Protocol (RDP)?
Remote Desktop Protocol (RDP) Meaning
Remote Desktop Protocol (RDP) enables a computer user to access another computer in a different location. RDP is a secure network communications protocol created by Microsoft, allowing remote access to applications and desktops. It offers remote management to network administrators, who can diagnose and resolve issues that users encounter. It is also used to support network topologies and local-area network (LAN) protocols.
Understanding "Remote Desktop"
Remote desktop means being able to connect to and use one computer via another computer. This enables users to access the applications on a device that is in a different location. For example, an employee could use remote desktop to access a work device when they are at home or traveling. Admins can also manage multiple users simultaneously using a Windows Server with Remote Desktop Services, or a Terminal Server, enabled.
Cloud computing enables users to work remotely, but that is where the similarities with RDP end. With cloud computing, users can access applications and files located in the cloud on cloud servers. But RDP enables them to access files on their computer from a separate location. Both tools are useful for remote working but work in very different ways.
RDP is also often compared to virtual network computing (VNC). However, VNC connects to a user’s RDP session but cannot be used to create virtual desktops. VNC connects directly to a computer, whereas RDP connects to a terminal server, making RDP much quicker than VNC.
Properties of Remote Desktop Protocol (RDP)
RDP offers secure connections between users’ devices and servers and encrypts virtual desktops. Critical properties of RDP include:
Smart Card Authentication
This enables users to verify their identity through smart cards, which are physical security tokens that include an embedded chip.
Bandwidth Reduction
RDP often offers reduced bandwidth because most of the user’s screen is not updated, which ensures it does not need to be retransmitted.
Multiple Display Usage
RDP admins can connect to multiple users’ devices and displays. They can also temporarily disconnect without logging off the service.
Virtualized Graphics Processing Unit (GPU) Support
RDP has a set of protocols called RemoteFX, which enables the remote delivery of virtual desktops over LANs. RemoteFX offers a higher-quality user experience because it provides advanced coding and virtualization of graphics.
Audio Redirection
Audio redirection enables audio from remote desktops to be redirected onto the user’s computer.
File System Redirection
File system redirection enables files stored locally on a device to be sent to and used on remote desktops.
Printer Redirection
Printer redirection ensures that printers located in local networks can be used during remote desktop sessions.
Port Redirection
Port redirection enables applications used through a remote desktop session to access local ports.
How Does the Remote Desktop Protocol (RDP) Work?
RDP transmits the activity a user carries out on one computer, such as mouse movement and keyboard activity, to another computer remotely. The desktop of the device they are accessing remotely is displayed on the device they are using to connect to it.
This works via the RDP creating a network dedicated to sharing data between the two devices. Data is always shared using network port 3389 and is sent through core internet protocols like Transmission Control Protocol/Internet Protocol (TCP/IP) and User Datagram Protocol (UDP). RDP encrypts data to secure connections and user activity.
RDP requires an RDP server, which is typically the user’s Windows computer, and an RDP client, a device with an RDP application that allows an administrator to control and make remote changes to the user’s device. This remote desktop setup only enables admins to make changes to the user’s Windows device, which differentiates it from cloud computing.
Pros and Cons of Remote Desktop Protocol (RDP)
There are advantages and disadvantages to using RDP. Below is an overview of the pros and cons.
Pros
VPN Not Required
Using RDP means organizations do not have to use virtual private networks (VPNs) to guarantee secure connections from insecure locations or Wi-Fi networks.
Data Stored Securely on the User's Desktop
A significant benefit of RDP is that data is stored securely on users’ desktops, which means they do not have to move it to cloud servers or store it on insecure personal devices, such as Universal Serial Bus (USB) drives.
On-premises IT Set-up
RDP is also useful for enabling all employees to work from home or on the go while travelling. This is particularly helpful for organizations that are restricted to legacy on-premises IT environments and cannot utilize cloud servers.
Cons
User May Experience Lag
RDP can result in users experiencing lag, especially if they have a slow internet connection. This is often caused by user activity having to be encrypted and transmitted to their remote desktop then back to them via the internet.
Security Vulnerabilities and Cyberattacks
Is RDP secure? Despite encrypting traffic, organizations still question whether RDP is secure as a result of RDP attacks happening in recent years. That is because it contains security vulnerabilities that cyber criminals have exploited. These include weak user login credentials, as computer passwords are also used to access remote RDP logins, which leave users open to brute-force attacks and credential stuffing.
Another significant risk is that RDP always uses port 3389, which provides cyber criminals an opportunity to exploit a security weakness.
Lower Employee Productivity
The lag that RDP causes may result in lower employee productivity. For example, it can result in an application taking a little longer to load than users might expect.
How RDP Vulnerabilities Expose Organizations to Security Risks
RDP vulnerabilities stem from a combination of cybersecurity issues, both common and unique to RDP protocols.
Weak Sign-in Credentials
How does RDP work in terms of security? As is the case with other kinds of attacks, weak sign-in credentials can result in RDP attacks.
Here is why these are problematic for networks that allow RDP-based connections: Once a hacker has access to the sign-in details used for remote logins, they gain free rein to the inner workings of the machine they are able to connect to. Unlike other attack vectors, RDP offers an adept hacker the same kind of access an end-user would have.
The traditional RDP meaning includes user devices that need to interface with each other, so weak sign-in credentials make it easy for attackers to levy brute-force attacks, which depend on trial and error. This may sound like a cumbersome attack method, but hackers use software to try thousands of passwords. And because an RDP attack yields such comprehensive access, it is well-worth a hacker's effort.
Unrestricted Access to Port 3389
For a computer to communicate with another device, it has to send data through a port. The majority of RDP connections happen at port 3389, and hackers know this. If an RDP connection is happening on the open internet, hackers can presume it is occurring on port 3389 and then simply target that port.
Vulnerabilities That Have Already Been Patched
The most widely accepted RDP definition includes devices that connect to each other remotely. These connections can present security problems. But in many cases, the most pressing RDP security issues already have available patches. If your admins have not installed these patches, your system could still be vulnerable.
For example, a vulnerability by the name of “BlueKeep,” which used port 3389, was patched by Microsoft back in 2019. If you do not have this patch installed, your system is still vulnerable to BlueKeep.
Best Practices to Prevent RDP Security Issues
Some of the most effective ways of preventing RDP attacks include:
- Enabling network-level authentication
- Limiting who can use RDP
- Using two-factor authentication (2FA)
- Using strong passwords
- Restricting access with firewalls
How Fortinet Can Help
Fortinet enables organizations to secure their RDP activity through its FortiGate next-generation firewalls (NGFWs). NGFWs filter network traffic to protect businesses against internal and external security threats. They provide features like packet filtering, IP mapping, IP security (IPsec), network monitoring, and secure sockets layer (SSL) VPN support. They also offer more in-depth and more advanced features, such as application control, intrusion prevention, and SSL inspection, which enable organizations to identify and block malware and other forms of cyberattacks.
NGFWs also offer future updates, which ensure businesses are always protected from the latest threats and attack vectors as the threat landscape evolves. Users need to create a new firewall policy that allows RDP traffic to pass through their FortiGate firewall.
Fortinet FortiGuard Labs, the threat intelligence and research labs arm of Fortinet, provides businesses with the latest insight into cyber threats, trends, and vectors being used by cyber criminals. It ensures organizations are armed continuously with the latest threat intelligence alongside industry-leading threat identification and protection, enabling them to better secure their networks, environments, and users.
FAQs
What protocol does Remote Desktop use?
Remote Desktop Protocol (RDP) is a secure network communications protocol created by Microsoft, allowing remote access to applications and desktops.
Does RDP use UDP?
Yes, data is always shared using network port 3389 and is sent through core internet protocols like Transmission Control Protocol/Internet Protocol (TCP/IP) and User Datagram Protocol (UDP).
