Utilizing Remote Desktop Securely to Protect the University
What is Remote Desktop Protocol (RDP)?
RDP is an application that allows a user to access a computer running Windows from another computer running Windows that is connected to the same network or to the Internet. This connection takes place over an encrypted channel.
What risks are associated with RDP?
There is a severe vulnerability in the method used in the encryption process, and as a result the connection that you once thought was secure no longer is. Attackers can infiltrate the connection, putting the University’s resources at high risk.
What are some of the ways to securely use RDP?
1. Update your software:
- Install the latest Microsoft security patch.
- Enable and audit automatic Microsoft updates.
2. Restrict access using firewalls:
- Use the VPN (Virtual Private Network) service, which sits behind the campus firewalls, before accessing RDP. A VPN enables users to connect to a remote private network through the Internet. With a VPN, data is first encrypted and encapsulated before it is sent to the remote VPN server. When the VPN server obtains the data, it decrypts the packet so that it can be interpreted. (http://technet.microsoft.com/en-us/security/bulletin/ms12-020)
3. Limit users who can log in using RDP:
- Allow only administrators to determine who should have remote access.
4. Use RDP Gateways:
- Access RDP through a single “Gateway” server. (Note: This technology is not supported by UITS and therefore cannot be considered a viable option.)
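As an added example (not part of the University's guidance or any UITS tooling), the following read-only PowerShell function checks a Windows machine against steps 1 to 3 above. The function name and the 35-day patch-age threshold are assumptions; TCP 3389 is the default RDP port.

```powershell
# Added example: read-only audit of this machine's RDP exposure.
# Run in an elevated Windows PowerShell 5.1+ session.
function Get-RdpExposureReport {
    param([int]$MaxPatchAgeDays = 35)   # assumed threshold, adjust to local policy
    $findings = New-Object System.Collections.Generic.List[string]

    # RDP accepts connections when fDenyTSConnections is 0.
    $ts = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $rdpEnabled = ($ts.fDenyTSConnections -eq 0)

    # Step 1: most recently installed update.
    $lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $lastPatch -or $lastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
        $findings.Add("No update installed in the last $MaxPatchAgeDays days")
    }

    # Step 2: enabled inbound allow rules on TCP 3389 (default RDP port)
    # whose remote address is 'Any', i.e. not limited to the VPN range.
    $openRules = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq 3389 } | Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })
    foreach ($rule in $openRules) {
        $findings.Add("Firewall rule '$($rule.DisplayName)' allows RDP from any address")
    }

    # Step 3: members of Remote Desktop Users (well-known SID S-1-5-32-555).
    $rdpUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-555' | ForEach-Object { $_.Name })
    if ($rdpEnabled -and $rdpUsers.Count -gt 0) {
        $findings.Add("Review Remote Desktop Users: $($rdpUsers -join ', ')")
    }

    [pscustomobject]@{
        RdpEnabled         = $rdpEnabled
        LastUpdate         = $lastPatch.InstalledOn
        OpenFirewallRules  = $openRules.DisplayName
        RemoteDesktopUsers = $rdpUsers
        Findings           = $findings
    }
}

Get-RdpExposureReport | Format-List
```

Members of the local Administrators group can also log on through RDP by default, so review that group alongside Remote Desktop Users.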
What is UConn’s policy regarding RDP and why?
The University has decided to block direct Remote Desktop Protocol (RDP) access to campus computing resources due to the number of attacks targeted at it and the recent vulnerability patched by Microsoft. University members can gain RDP access by using the VPN at: http://vpn.uconn.edu/