RDP – No, no and no!

Old No Comments on RDP – No, no and no! 13

This will be a contentious post I’m sure! RDP stands for Remote Desktop Protocol, which is Microsoft’s built-in remote access tool for its operating systems. It allows a user to connect to a hostname or IP address, which after connecting displays a login prompt (or asks for login credentials while setting up the session, it depends on the version of the operating system) essentially allowing you to “remote control” the other computer as if you were directly in front of it.

So why is this a good tool ? It’s a great tool for accessing remote systems. For example, if your desk is 4 floors below the server room and you need to do some work on a Windows server, it’s much easier to utilize RDP to access that server as opposed to going up 4 floors and standing in the server room. RDP gives you the exact same interface as if you were right in front of the other system, so there are no special controls to learn and no special commands to remember.

So why is this a bad tool ? RDP is a huge security risk when accessible over the internet. Some IT professionals will disagree with me, touting RDP’s encryption and reliability. This is all fine, but there is a fundamental issue with how RDP operates. It allows anyone, anywhere to connect to whatever system you have open to the internet. Think of it this way: you’ve put your Windows logon screen on the internet. How long do you think it will take until a malicious server, user, botnet, etc. figures out your or another user’ account password ?

Now I know what you’re going to say: well just don’t open RDP to the internet at large! In principle I agree, but that’s not what the common practice is in the real world. In the real world of IT, most servers I’ve come across (that I didn’t deploy), had RDP open to the internet at large. No IP filters, no custom ports used, just the standard RDP open to the internet.

So if RDP is no good to use, what should we be using to connect to remote systems over the internet ? Well, there are some really great support tools out there that give the same “remote desktop” look and feel. Two of the are TeamViewer and LogMeIn. I’ve used both services and both have their pros and cons, which I will be reviewing in a later post. None the less, both are options worth considering, and both have free trials which you can install and demo. In short, these tools allow you to access remote systems in a secure manner that isn’t wide open and just exposed to the internet. In fact, depending on the deployment, it can be possible to utilize these tools without opening any additional firewall ports.

Remember, just because something is convenient, doesn’t mean it’s safe, secure, or a best practice. Use a proper tool and make sure you’re connecting to your remote networks in a way that doesn’t compromise security.


Martin Lehner

Martin Lehner is an technology professional working for an IT services firm in Whitehorse, Yukon (Canada). He has been working in the technology field for over a decade. With a degree in Business Admin and numerous industry certifications, Martin leads a team of IT professionals that provide third party support for clients. Originally starting a company to offer web development services, Martin quickly realized that clients wanted the entire spectrum of technology services. When Martin is not at work (which is not often, since his company offers 24/7 support), he is busy at home spending time with his family.

Related Articles

Leave a comment

Back to Top