A firewall is your business’s first line of defense against cyber-attacks. It acts as a barrier between your devices and the internet, as well as other external networks outside your business. It monitors every traffic packet that goes in and out of your network, checking for the presence of any cyber threats and ensuring the legitimacy of the data. You can set firewall rules defining which traffic can pass in and out of your system and block other unwanted and suspicious traffic. In short, firewalls give organizations more control over the network traffic that crosses the organization’s perimeter, allowing one way in and out.

Also, if your business operates in remote working mode, having a firewall is important so that your remote workers can securely connect to your business network from outside locations. Today, hardware and software firewalls receive constant updates and can block more sophisticated malicious traffic.

However, the security provided by firewalls can still go astray if you leave remote desktop ports open and do not use firewall rules to block or restrict the Remote Desktop Protocol. Let’s see how this becomes a serious issue and why your business needs to eliminate this mistake going forward.

Do you still have remote desktop ports open? Port 3389

Nowadays, many businesses allow their employees to work from home, providing remote access capabilities to reach office networks from any remote place. RDP, or the Remote Desktop Protocol, is the main protocol organizations use to give remote employees access to their office computers from their home devices. This protocol is a part of both Windows and Mac operating systems and is very easy to configure. RDP over TCP port 3389 is the most popular and standard protocol organizations use for this purpose. Apart from that, you can use this port for bastion host applications and to provide remote servers.

Vulnerabilities of Remote desktop ports

Even though remote desktop port 3389 offers easy access to office locations, it is a very popular target for security threats like ransomware and many other types of malware. Consequently, leaving the remote desktop ports open leaves your business vulnerable to bots and hackers. Attackers know that RDP connections usually happen on port 3389. Thus, they assume that this port is in use and try to intercept communications to and from that port, leading to various cyber-attacks.

Brute force dictionary attacks due to weak passwords

The major security issue associated with this port is the use of weak sign-in credentials for RDP remote logins. Users reuse the same password they use for their other accounts to sign in remotely. Often this password is not sufficiently strong, and companies do not ensure those passwords have the required strength, which makes this specific RDP port vulnerable to brute force attacks.

In such attacks, hackers can carry out a simple brute force attack, where they try to guess and manually enter the login credentials. Alternatively, since RDP can be vulnerable to bots, bots will use a password dictionary attack, where they try to log in with all the possible passwords, varying them with special characters and numbers. This is a more effective method than a simple brute-force attack. Hackers also use a hybrid of simple and dictionary attacks, as well as credential stuffing, which uses stolen credentials to log into other accounts.
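The pattern described above is visible in logon records, so it can be detected. This added example (not part of the original article) flags sources with a burst of failed RDP logons and notes a later success from the same source; the comma-separated log format, the sample records and the thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, Windows Security event ID
# (4625 = failed logon, 4624 = successful logon), account, source address.
SAMPLE_LOG = """\
2024-01-08T09:00:01,4625,administrator,192.0.2.44
2024-01-08T09:00:03,4625,administrator,192.0.2.44
2024-01-08T09:00:05,4625,admin,192.0.2.44
2024-01-08T09:00:06,4625,mlee,203.0.113.10
2024-01-08T09:00:07,4625,jsmith,192.0.2.44
2024-01-08T09:00:09,4625,jsmith,192.0.2.44
2024-01-08T09:00:11,4624,jsmith,192.0.2.44
2024-01-08T09:00:30,4624,mlee,203.0.113.10
"""


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Map source address -> alert for sources with a burst of failed logons."""
    recent = defaultdict(deque)  # source -> (time, account) of recent failures
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, event_id, account, src = line.split(",")
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[src]
            q.append((when, account))
            while when - q[0][0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    src, {"accounts": set(), "success_after": None})
                alert["accounts"].update(a for _, a in q)
        elif event_id == "4624" and src in alerts:
            # A success from a source that already tripped the threshold is
            # the case to investigate first: a password may have been guessed.
            alerts[src]["success_after"] = alerts[src]["success_after"] or account
    return alerts


if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(src, sorted(alert["accounts"]), alert["success_after"])
```

A single mistyped password, like the one from 203.0.113.10 in the sample, stays below the threshold and raises no alert.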

BlueKeep attacks

There is another serious vulnerability of an open RDP port, known as “BlueKeep.” This vulnerability allows an attacker to send specially crafted requests to the RDP port and execute malicious code on the remote computer. In the worst case, BlueKeep can spread automatically to other computers on the network. Therefore, such vulnerabilities of an exposed RDP port can have serious consequences for your data and computer systems. Luckily, Microsoft rolled out a security patch for this vulnerability, and organizations must ensure they have applied that patch to every machine.

How to fix these ho-ho-ho holes in your firewall?

You can fix these ho-ho-holes in the firewall by enforcing the right firewall rules. One way to do that is by manually configuring it to stop inbound traffic on RDP port 3389 and only allow the specific set of IP addresses that belong to your employees to access your devices through it. This procedure is called whitelisting the IP addresses, so that only the whitelisted IPs can log in remotely using port 3389. This is more suitable for businesses that have a small staff. For larger organizations, however, it is a time-consuming process.
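An allowlist only works if no broader rule is evaluated before it. This added example (not part of the original article) audits an ordered rule set for effective rules that expose port 3389 too widely; the vendor-neutral rule tuples, the sample addresses and the `max_sources` limit are assumptions made for illustration, not a real firewall syntax.

```python
import ipaddress

RDP_PORT = 3389

# Constructed rule sets in a vendor-neutral form (an assumption, not a real
# firewall syntax): (action, source CIDR, port or None for any port).
# Rules are evaluated top-down; the first match wins; no match means deny.
ALLOWLISTED = [
    ("allow", "203.0.113.10/32", 3389),  # one remote employee
    ("allow", "198.51.100.0/29", 3389),  # small branch office
    ("allow", "0.0.0.0/0", 443),         # public web traffic
    ("deny", "0.0.0.0/0", 3389),         # everyone else is kept off RDP
]
# Same allowlist, but a leftover "allow everything" rule sits above it.
SHADOWED = [("allow", "0.0.0.0/0", None)] + ALLOWLISTED


def covers(rule_port, port):
    """True when a rule's port field applies to the given port."""
    return rule_port is None or rule_port == port


def decide(rules, src_ip, port):
    """Action of the first rule matching this source and port (default deny)."""
    addr = ipaddress.ip_address(src_ip)
    for action, cidr, rule_port in rules:
        if covers(rule_port, port) and addr in ipaddress.ip_network(cidr):
            return action
    return "deny"


def audit_rdp(rules, max_sources=64):
    """Return (index, cidr) of effective allow rules exposing RDP too widely."""
    findings, seen = [], []
    for idx, (action, cidr, rule_port) in enumerate(rules):
        if not covers(rule_port, RDP_PORT):
            continue
        net = ipaddress.ip_network(cidr)
        # A rule fully covered by an earlier RDP rule never gets evaluated.
        shadowed = any(net.version == s.version and net.subnet_of(s) for s in seen)
        if action == "allow" and not shadowed and net.num_addresses > max_sources:
            findings.append((idx, cidr))
        seen.append(net)
    return findings
```

Running `audit_rdp` on an exported rule set after every change catches the case where the allowlist is present but an earlier rule has already let the traffic through.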

One of the best things to do is to block port 3389 at the firewall, or disable it if it is not required. Ensure that you use the latest version of this protocol to get patches for the latest vulnerabilities. Also, enforce strong password policies or use alternative methods like secure tunneling for port 3389 and single sign-on for all the applications.


Having remote desktop port vulnerabilities within your business systems can bring your entire business operations to a halt one day. No business wants to pay the price for such serious mistakes. Thus, by avoiding the mistakes mentioned above and implementing the best possible firewall rules, your business can be highly secure from cyber-attacks or data breaches.

If you need more information on how to make your firewall stronger, call 615-843-5001 or schedule a 10-minute discovery call if you need help from Digital Minds International.