Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It's like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today's work environment.
远程桌面协议 (RDP) 是 Microsoft 开发的一项了不起的技术,可让您通过网络访问和控制另一台计算机。这就像无论您走到哪里,都随身携带办公计算机。对于企业来说,这意味着 IT 员工可以远程管理系统,员工可以在家中或任何地方工作,这使得 RDP 成为当今工作环境中真正的游戏规则改变者。
But here's the catch: because RDP is accessible over the internet, it's also a prime target for unethical hackers. If someone gains unauthorized access, they could potentially take over your system. That's why it's so important to secure RDP properly.
但这里有一个问题:因为 RDP 可以通过互联网访问,所以它也是不道德黑客的主要目标。如果有人获得未经授权的访问权限,他们可能会接管您的系统。这就是为什么正确保护 RDP 如此重要的原因。
Why IT Teams Depend on RDP, Despite the Risks#——为什么 IT 团队不顾风险依赖 RDP
More than 50 percent of Kaseya's small and medium-sized businesses (SMBs) and Managed Service Providers (MSPs) customers use RDP for daily operations due to its efficiency and flexibility:
由于 RDP 的效率和灵活性,超过 50% 的 Kaseya 中小型企业 (SMB) 和托管服务提供商 (MSP) 客户使用 RDP 进行日常运营:
- Reduces Costs and Downtime 降低成本和停机时间
– IT teams can resolve technical issues remotely, eliminating travel expenses and delays. IT 团队可以远程解决技术问题,从而消除差旅费用和延误。 - Supports Business Continuity 降低成本和停机时间
– Employees and administrators can securely access company systems from any location. 员工和管理员可以从任何位置安全地访问公司系统。 - Enables Scalable IT Management 实现可扩展的 IT 管理
– MSPs can oversee multiple client networks from a single interface. MSP 可以从单个界面监督多个客户端网络。
Despite its benefits, RDP's widespread use makes it an attractive attack vector, requiring constant vigilance to secure properly.
尽管有其好处,但 RDP 的广泛使用使其成为一个有吸引力的攻击媒介,需要时刻保持警惕才能正确保护
New Concerns: The Rise of Port 1098 Scans#——新的担忧:端口 1098 扫描的兴起#
Typically, RDP communicates over port 3389. However, recent security reports - like one from the Shadowserver Foundation in December 2024 - have highlighted a worrying trend. Hackers are now scanning port 1098, an alternative route that many aren't as familiar with, to find vulnerable RDP systems.
通常,RDP 通过端口 3389 进行通信。然而,最近的安全报告——比如 2024 年 12 月来自 Shadowserver Foundation 的报告——凸显了一个令人担忧的趋势。黑客现在正在扫描端口 1098,这是许多人不太熟悉的替代路线,以查找易受攻击的 RDP 系统。
To put this into perspective, honeypot sensors have observed up to 740,000 different IP addresses scanning for RDP services every day, with a significant number of these scans coming from a single country. Attackers use these scans to locate systems that may be misconfigured, weak, or unprotected, and then they can try to force their way in by guessing passwords or exploiting other weaknesses.
从这个角度来看,蜜罐传感器每天观察到多达 740,000 个不同的 IP 地址扫描 RDP 服务,其中很大一部分扫描来自一个国家/地区。攻击者使用这些扫描来定位可能配置错误、薄弱或未受保护的系统,然后他们可以尝试通过猜测密码或利用其他弱点来强行进入。
For businesses, especially SMBs and MSPs, this means a higher risk of serious issues like data breaches, ransomware infections, or unexpected downtime.
对于企业,尤其是 SMB 和 MSP,这意味着出现数据泄露、勒索软件感染或意外停机等严重问题的风险更高。
Keeping Up with Security Patches#——跟上安全补丁的步伐#
Microsoft is aware of these risks and regularly releases updates to fix security vulnerabilities. In December 2024, for example, Microsoft addressed nine major vulnerabilities related to Windows Remote Desktop Services. These fixes targeted a range of issues identified by security experts, ensuring that known weaknesses couldn't be easily exploited.
Microsoft 意识到这些风险,并定期发布更新以修复安全漏洞。例如,在 2024 年 12 月,Microsoft 解决了与 Windows 远程桌面服务相关的九个主要漏洞。这些修复针对安全专家发现的一系列问题,确保已知的弱点不会被轻易利用。
Then, in January's update, two additional critical vulnerabilities (labeled CVE-2025-21309 and CVE-2025-21297) were patched. Both of these vulnerabilities, if left unaddressed, could allow attackers to remotely execute harmful code on a system without the need for passwords.
然后,在 1 月份的更新中,修补了另外两个关键漏洞(标记为 CVE-2025-21309 和 CVE-2025-21297)。这两个漏洞如果不加以解决,可能会允许攻击者在系统上远程执行有害代码,而无需密码。
How Kaseya's vPenTest Proactively Helps Secure RDP & More#——Kaseya的vPenTest如何主动帮助保护RDP等#
RDP exposed to the internet is more often a misconfiguration than an intended configuration. In the last 28,729 external network pentests we have performed, we were able to find 368 instances of RDP exposed to the public internet. On internal networks we have found 490 instances of Bluekeep.
暴露在互联网上的 RDP 通常是配置错误,而不是预期的配置。在我们执行的最后 28,729 次外部网络渗透测试中,我们能够找到 368 个暴露在公共互联网上的 RDP 实例。在内部网络上,我们发现了 490 个 Bluekeep 实例。
For organizations looking for a proactive method to protect their external and internal networks, tools like vPenTest are invaluable. vPenTest offers:
对于寻求主动方法来保护其外部和内部网络的组织来说,像 vPenTest 这样的工具非常宝贵。vPenTest 提供:
- Automated Network Pentesting:自动网络渗透测试
The platform will perform both external and internal network pentests. IT Professionals are now able to perform the same attacks as an attacker against the networks they manage to proactively protect them and test security controls. 该平台将执行外部和内部网络渗透测试。IT 专业人员现在能够对他们管理的网络执行与攻击者相同的攻击,以主动保护他们并测试安全控制。 - Multi-Tenant:多租户
The platform is purpose built for the multi-functional IT Team juggling multiple tasks. IT Professionals are able to manage all pentest engagements for multiple companies within the platform. 该平台专为处理多项任务的多功能 IT 团队而构建。IT 专业人员能够管理平台内多家公司的所有渗透测试活动。 - Detailed Reporting and Dashboard:详细的报告和仪表板
vPenTest will generate a set of reports including an Executive Summary and a very detailed Technical Report. The platform also has a dashboard for each assessment so IT Professionals can quickly review findings, recommendations and affected systems. vPenTest 将生成一组报告,包括执行摘要和非常详细的技术报告。该平台还为每次评估提供了一个仪表板,因此 IT 专业人员可以快速查看结果、建议和受影响的系统。
For the first time in tech history, IT Professionals are now able to execute a real network pentest against the organizations they manage at scale and on a more frequent basis.
IT 专业人员现在能够更大规模、更频繁地对他们管理的组织执行真正的网络渗透测试,这在技术历史上是第一次。
How Datto EDR Helps Secure RDP#——Datto EDR 如何帮助保护 RDP
For organizations looking for an extra layer of protection, tools like Datto Endpoint Detection and Response (EDR) are invaluable. Datto EDR offers:
对于寻求额外保护层的组织来说,Datto Endpoint Detection and Response (EDR) 等工具非常宝贵。Datto EDR 提供:
- Real-Time Threat Detection:实时威胁检测
It monitors RDP traffic for unusual behavior—like unexpected access attempts or strange port usage—and raises alerts if something seems off. 它监控 RDP 流量是否存在异常行为(如意外访问尝试或奇怪的端口使用情况),并在出现问题时发出警报。 - Automated Responses:自动响应
When suspicious activity is detected, the system can automatically block or isolate the threat, stopping potential breaches in their tracks. 当检测到可疑活动时,系统可以自动阻止或隔离威胁,阻止潜在的违规行为。 - Detailed Reporting:详细报告
Comprehensive logs and reports help administrators understand what happened during an incident, so they can strengthen their defenses for the future. 全面的日志和报告可帮助管理员了解事件期间发生的情况,以便他们可以加强对未来的防御。
This means that with Datto EDR, businesses can enjoy the benefits of RDP while keeping their systems safer from modern threats.
这意味着借助 Datto EDR,企业可以享受 RDP 的好处,同时保护其系统免受现代威胁。
Practical Tips to Lock Down RDP#——锁定 RDP 的实用技巧
Here are some straightforward tips to help secure your RDP setup:
以下是一些有助于保护 RDP 设置的简单提示:
- Timely Patching:及时修补
Always install updates as soon as they're available. Vendors frequently release patches to address new vulnerabilities. 始终在更新可用时立即安装。供应商经常发布补丁以解决新的漏洞。 - Limit Exposure:限制暴露
Restrict RDP access to trusted personnel only and consider changing the default port (3389) to something less predictable. 将 RDP 访问限制为仅受信任的人员,并考虑将默认端口 (3389) 更改为更难预测的端口。 - Use Multi-Factor Authentication:使用多重身份验证
Adding extra steps for verification (like MFA and Network Level Authentication) makes it much harder for attackers to gain access. 添加额外的验证步骤(如 MFA 和网络级别身份验证)会使攻击者更难获得访问权限。 - Enforce Strong Passwords:强制使用强密码
Ensure that passwords are complex and meet a minimum length requirement to help thwart brute-force attacks. 确保密码复杂并满足最小长度要求,以帮助阻止暴力攻击。
By taking these steps, you can significantly reduce the risk of your RDP services becoming an entry point for cyberattacks.
通过采取这些步骤,您可以显著降低 RDP 服务成为网络攻击入口点的风险。
RDP Isn't Going Away—But Security Needs to Improve#——RDP 不会消失,但安全性需要改进
RDP is an essential tool that has transformed how businesses operate, enabling remote work and efficient system management. However, as with any powerful tool, it comes with its own set of risks. With attackers now exploring new avenues like port 1098 and continuously finding ways to exploit vulnerabilities, it's crucial to stay on top of security updates and best practices.
RDP 是一种重要的工具,它改变了企业的运营方式,实现了远程工作和高效的系统管理。但是,与任何强大的工具一样,它也有其自身的一系列风险。随着攻击者现在探索端口 1098 等新途径并不断寻找利用漏洞的方法,掌握安全更新和最佳实践至关重要。
By keeping your systems patched, limiting access, using multi-factor authentication, and employing advanced security solutions like Datto EDR, you can enjoy the flexibility of RDP without compromising your organization's security.
通过修补系统、限制访问、使用多因素身份验证以及采用 Datto EDR 等高级安全解决方案,您可以享受 RDP 的灵活性,而不会影响组织的安全性。
Stay safe and stay updated!
注意安全并保持更新!
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...