- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Rdp windows
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Rdp windows
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-01-2020 02:17 PM
Hi,
is it a good idea giving access to public windowd rdp ?.
Folks says do not publish outside
Any good reason for this ?
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-01-2020 03:14 PM
Let me understand your question,
Allow anyone from Internet able to connect to a system listen on Remote Desktop protocol on your network? Is that what you are asking?
1. How update is the system patch level?
2. There could be a chance of non-publicly disclosure bugs on RDP can use a backdoor (also known as 0 days attack, which I disagree with that term).
3. How is the password complexity and length? Does it require multi factor authentication? Is it a client cert based login authentication?
4. If I am able to login to that host, is that system part of Corp Active Directory? How secured is the AD admin accounts?
and more and more...
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-01-2020 06:19 PM
Hi
Allow anyone from Internet able to connect to a system listen on Remote Desktop protocol on your network? Is that what you are asking?
yes and ofcourse we will give them credentials
3 . How is the password complexity and length? Does it require multi factor authentication? Is it a client cert based login authentication?
No mfa
no cert based auth
4 . If I am able to login to that host, is that system part of Corp Active Directory? How secured is the AD admin accounts?
What is the relations Ad admin accounts security with that
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-01-2020 08:07 PM - edited 05-01-2020 08:08 PM
Let's see, once I am able to RDP login to a host which is part of the AD. The opportunity is endless.
I can start by following these steps which I just finish #2,
- Reconnaissance
- Initial intrusion into the network
- Establish a backdoor into the network
- Obtain user credentials
- Install various utilities
- Privilege escalation/ lateral movement/ data exfiltration
- Maintain persistence
Google "pass the hash" , "windows privilege escalation"
or I just drop a ransomware on the file servers to lock all the user data , etc. etc...
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-01-2020 09:12 PM
Hi
In that case what If I go for without joining domain (Work station )
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-02-2020 01:25 AM
Better approach will be allow Remote Access over custom port instead of 3389.
Mayur
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-02-2020 01:53 AM
Hi,
I am trying to understand what are the pros and cons .
If I give without joining domain is there any benefit
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-02-2020 05:00 AM
The pro is easy to setup to allow remote access to your network using RDP..
The con is without sufficient protection and monitoring in place (ie MFA, patch system, log monitoring), once the hacker gains access via RDP. The damage that can cause is unlimited.
E
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-02-2020 06:10 AM - edited 05-02-2020 06:11 AM
Agreed with @nextgenhappiness .
RDP over the internet is most insecure way of providing access. Attackers can also exploit vulnerable RDP services to perform remote code execution and seize control over targets.
Better approach would be allowing access over VPN. If not possible over VPN, give access over custom port instead of default port.
Hope it helps!
Mayur
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
05-02-2020 01:08 PM
Hi,
If I change the default port to a different what is the possibility of identifying rdp service on that port by an attacker
Thanks
- GlobalProtect 5.1.8 couldn't save username & password in GlobalProtect Discussions
- IPSec VPN certificates in General Topics
- Device Control - Exception in Cortex XDR Discussions
- Cortex XDR - Operations for an offline agent (isolated from internet access) - Concerns regarding installation and updates. in Cortex XDR Discussions
- MAC addresses for HA interfaces in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
