Rdp windows

Let me understand your question,

Allow anyone from Internet able to connect to a system listen on Remote Desktop protocol on your network?    Is that what you are asking?

1.  How update is the system patch level?

2.  There could be a chance of non-publicly disclosure bugs on RDP can use a backdoor (also known as 0 days attack, which I disagree with that term).

3.  How is the password complexity and length?  Does it require multi factor authentication?   Is it a client cert based login authentication?

4.  If I am able to login to that host,  is that system part of Corp Active Directory?  How secured is the AD admin accounts?

and more and more...

Hi

Allow anyone from Internet able to connect to a system listen on Remote Desktop protocol on your network?    Is that what you are asking?

yes  and ofcourse we will give them credentials 

3 . How is the password complexity and length?  Does it require multi factor authentication?   Is it a client cert based login authentication?

No mfa  

no cert based auth 

4 .  If I am able to login to that host,  is that system part of Corp Active Directory?  How secured is the AD admin accounts?

What is the relations Ad admin accounts security  with that 

Thanks 

Let's see, once I am able to RDP login to a host which is part of the AD.  The opportunity is endless.  

I can start by following these steps which I just finish #2,

1. Reconnaissance
2. Initial intrusion into the network
3. Establish a backdoor into the network
4. Obtain user credentials
5. Install various utilities
6. Privilege escalation/ lateral movement/ data exfiltration
7. Maintain persistence

Google "pass the hash" , "windows privilege escalation"   

or I just drop a ransomware on the file servers to lock all the user data , etc. etc...

Hi

In that case  what If I  go  for   without joining domain (Work station )

Thanks 

@simsim,

Better approach will be allow Remote Access over custom port instead of 3389.

Mayur

Hi,

I am trying to understand what are the pros and cons  .

If I give   without joining  domain is there any benefit 

Thanks 

@simsim 

The pro is easy to setup to allow remote access to your network using RDP..

The con is without sufficient protection and monitoring in place (ie MFA, patch system, log monitoring), once the hacker gains access via RDP.  The damage that can cause is unlimited.  

E

Agreed with @nextgenhappiness . 

 RDP over the internet  is most insecure way of providing access. Attackers can also exploit vulnerable RDP services to perform remote code execution and seize control over targets. 

Better approach would be allowing access over VPN. If not possible over VPN, give access over custom port instead of default port.

Hope it helps!

Mayur

Hi,

If  I  change the default port to a different what is the possibility  of  identifying   rdp service on that port by an attacker  

Thanks