Are you opening a security hole for your remote workers?
Posted on 2020-04-02 by Matt Strahan in Business Security
On Tuesday Shodun showed that the number of RDP servers exposed to the internet has skyrocketed, going up by 30%. Just having RDP exposed to the internet is pretty much automatically considered a vulnerability in our penetration testing, as it’s a complex protocol that has a history of vulnerabilities (most recently BlueKeep), and exploitation can lead to administrator access to the system. Given that most RDP servers have to be connected to an Active Directory domain, often administrator access is all you need to completely compromise the network and all its data.
Clearly the rise in remote working has caused some windows to be opened in organisations’ environments. While remote working doesn’t have to be a security nightmare, it can still be surprisingly easy to open holes in your security in the name of remote working.
The two main reasons for this is a lack of a strategy and technical debt.