Our technology team strives to be at the forefront of both implementing improvements and securing against threats to our system. Recently we disabled remote access due to rising security concerns. If your business is using remote access, we'd suggest taking the steps below to secure your system.
There are a number of ransomware and malware threats that specifically use Microsoft’s Remote Desktop Protocol (RDP) to inject ransomware. A few of them are:
- CrySiS
- CryptON
- Samsam
- MegaCortex
Generally the threat is from brute-force attacks, which allow a bad actor access to your remote server. The success of these attacks can be mitigated by using complex passwords or by changing RDP to listen on a port other than 3389 with the steps below:
- Start the registry editor (regedit)
- Navigate to the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
- Click Edit > Modify, and then click Decimal
- Type the new port number, and then click OK
- Restart Computer
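The same change scripted in PowerShell, as an added example that is not part of the original page: it also checks that the new port is free and opens it in Windows Firewall, which the registry edit alone does not do. The port 3390, the rule name and the 1025-65535 range check are constructed choices for illustration.

```powershell
# Added example: scripted form of the registry steps above.
# Run in an elevated PowerShell session on the RDP host.
# $NewPort and $RuleName are constructed values; choose your own.
$NewPort  = 3390
$RuleName = 'RDP custom port (TCP-In)'
$KeyPath  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Stay out of the well-known port range (a choice of this example,
# not a Windows requirement) and inside the valid TCP range.
if ($NewPort -lt 1025 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1025-65535."
}

# Refuse a port that another service is already listening on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    $owner = ($inUse | Select-Object -First 1).OwningProcess
    throw "Port $NewPort is already in use by process ID $owner."
}

# Record the current value so the change can be reverted.
$OldPort = (Get-ItemProperty -Path $KeyPath -Name PortNumber).PortNumber
Write-Output "Current RDP port: $OldPort"

# Allow the new port through Windows Firewall BEFORE switching. The built-in
# Remote Desktop rules cover 3389 only, so without this rule the host stops
# accepting RDP connections after the restart.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $NewPort -Action Allow -Profile Domain,Private | Out-Null
}

# Write the value as a DWORD; this is what Edit > Modify > Decimal does in regedit.
Set-ItemProperty -Path $KeyPath -Name PortNumber -Value $NewPort -Type DWord

# Read the value back to confirm the write before restarting.
$Now = (Get-ItemProperty -Path $KeyPath -Name PortNumber).PortNumber
if ($Now -ne $NewPort) { throw "PortNumber is $Now, expected $NewPort." }
Write-Output "PortNumber set to $Now (was $OldPort). Restart the computer to apply."
```

After the restart, clients connect by appending the port to the host name in the Remote Desktop client, for example host:3390.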
These steps will help but still leave your server exposed. For maximum protection it’s best to use a Virtual Private Network (VPN) to gain access to your systems. A VPN extends your LAN to wherever you are: all your internal computers are accessible via internal IP addresses, not public addresses. VPNs can be configured using your existing Cisco or SonicWall with some additional licensing, or using Microsoft’s built-in VPN software. In any case, it will create an extra step when you want to connect to your server, but it will make that access essentially invisible to the general internet.
To keep your company’s data secure, we suggest performing periodic IT audits to check systems for vulnerabilities and to review existing security procedures.