Secure Remote Desktop Protocol (RDP) Over Internet
Troubleshoot remotely with a secure RDP connection over the internet
SolarWinds® Dameware® Remote Everywhere (DRE) is a comprehensive remote desktop protocol (RDP) security solution built to help technicians resolve issues remotely and securely. DRE is designed to establish a secure RDP connection to Windows desktops and servers, but can also connect to Mac, iOS, and Android devices. Since DRE is a lightweight cloud-based solution, it’s accessible from almost anywhere with an internet connection and can typically connect to workstations over the internet in less than eight seconds, which helps technicians get in, get out, and solve issues faster.
Enhance RDP security with a strong password policy
To increase RDP security with DRE, you can create a master password for every agent on which the remote desktop protocol is installed. Adding a password can reduce the chances of a security breach due to credential misuse and is recommended for key machines like domain controllers and database servers within an enterprise. Help ensure end users are fully covered by using a master password, locking Windows at the end of each support session, and requiring local-level authentication when starting a session.
Leverage remote desktop protocol and robust encryption to establish a secure remote session
DRE includes features, like encryption, designed to provide secure remote desktop sessions by using multi-factor authentication and AES-256 encryption, helping ensure data is secure in transit and at rest. Encrypted support sessions can automatically time out if they’re idle to prevent unauthorized access. Also, technicians can pause secure remote desktop sessions and use blank screens to help keep support sessions confidential.
Use an RDP security solution equipped with reporting features
DRE can record and export to .xls for further analysis, quality assurance, or auditing. In addition to DRE’s powerful reporting and diagnostic capabilities, this tool also features real-time session monitoring and session video recording with automatic upload to the cloud.
Get More on RDP Security
What is a remote desktop protocol?
Remote Desktop Protocol (RDP) by Microsoft is a network communications protocol designed to facilitate remote management and remote access for Windows desktops and applications.
How does RDP work?
During an RDP session, you can remotely access Windows devices to resolve issues without having to be in person for troubleshooting.
Remote client users can connect to servers and virtual machines using multiple channels, and different data types are communicated across these channels. The Remote Desktop Protocol provides remote access through port 3389. An RDP-enabled solution packages the data to be transmitted and then Microsoft Communications and directs the data to an RDP channel. After that, the operating system encrypts the RDP data and adds it to the frame, so it can be transmitted over the network.
The Terminal Server Device Redirector Driver handles all remote desktop protocol activity. Its subcomponents include the RDP driver, which handles all user interfaces, transfers, encryption, data compression, and framing. The transport driver packages the remote desktop protocol, so it can be sent across a TCP/IP network. In short, RDP creates secure, interoperable connections between clients, servers, virtual machines, and desktops. This allows service providers to securely and remotely access their clients’ devices and resolve their IT issues.
RDP vs. Dameware Remote Everywhere
SolarWinds Dameware Remote Everywhere (DRE) is a fast, affordable, and lightweight cloud-based remote support system designed to help technicians provide a high quality of service to end users. As the number of remote workers continues to rise, today’s enterprises are looking for support that can meet the needs of a diverse, complex enterprise while offering reliable security.
DRE was designed with RDP security in mind. It can be used as a gateway between RDP by creating temporary or permanent port forwards to remote networks. Your data can stay safe at any point in the remote support process. Sessions are protected by multi-factor authentication and AES-256 encryption by default, and you can add an additional layer of protection by using a master password. With DRE, you can also work with different clients simultaneously on the same screen and communicate with them by chat or video, so your team can focus on helping clients instead of worrying about whether RDP connections are secure.
DRE is unique because it offers the features you would find in a top-shelf solution for a fraction of the price. With this software, you get the troubleshooting, monitoring, and reporting capabilities you need to solve your clients’ technical issues fast, with minimum clicks and maximum results.
How to secure RDP access with DRE
RDP essentially opens a “listening socket” that accepts authenticated incoming connection attempts using open port 3389. If you open an RDP port over the internet, savvy hackers will know to look for this port, and if they successfully find one, they can use it to launch a wide variety of cyberattacks. Man-in-the-middle attacks, when a hacker secretly observes and alters the communication between two parties, are the most common cyberattacks levied against remote desktop protocols. RDPs are also prone to brute force attacks.
Two key factors go into evaluating RDP security—how the connection is created and how the connection is secured. Dameware Remote Everywhere uses several security protocols to meet these conditions to ensure a secure remote desktop is as safe as possible:
- Authentication level: You can build a secure connection between a secure remote desktop and a host by using two-factor authentication (2FA). Additionally, SolarWinds DRE offers authentication apps for 2FA including Google Authenticator, Duo Mobile, Authy, and Microsoft Authenticator.
- RDP security layer: To secure Microsoft remote desktop services, you can use SSL security layer. SSL is secure because for SSL to work, you must present a digital certificate showing the RD session host is legitimate. The digital certificate also encrypts the connection between the host and the remote desktop protocol. It must be self-signed or supplied by a separate certification authority. If your remote desktop protocol cannot accommodate SSL, you’ll have to use the RDP security layer.
- Encryption level: Remote desktop connections are secured with the highest level of encryption by default, but not all legacy clients are compatible with this option. If this is the case, you will have to choose the most secure encryption level available for your system. The four DRE encryption are Elliptic-Curve Diffie-Hellman (ECDH) protocol, Advanced Encryption Standards (AES) 256 Encryption, and FIPS (140-2) Open SSL.
Securing RDP access best practices
Here are some of the most important best practices for securing RDP access:
- Use a third-party tool for remote connection: Dameware Remote Everywhere uses a separate viewer and agent for remote connections. It can tightly control user permissions and helps protect from insider threats.
- Keep an eye on open ports: Most brute force attacks on RDP are conducted using the default 3389 open port. If you notice a lot of failed login attempts on your remote desktop, you might be under attack. Switching to a new port can throw your attacker off and keep your client’s data safe.
- Choose strong, complex passwords: Passwords are your first line of defense against unauthorized access to your RDP. Make sure you’re using long passwords (at least 12 characters) and include a random mix of capital letters, lowercase letters, numbers, and symbols. Password paraphrases, two or more unrelated words strung together, are even better for RDP security.
- Set user restrictions: Limit the number of users who have access to the remote desktop, so there are fewer opportunities for hackers to exploit those users.
- Use multi-layer authentication: Using at least two unique forms of authentication can further protect sensitive data shared over RDP. Most cybersecurity experts recommend using usernames and passwords in combination with time-based one-time passcodes (TOTP).
- Update regularly: The regular Microsoft patch cycle includes remote desktop updates with the latest security solutions.
Related resources and tools
Other SolarWinds Tools Using Remote Desktop Protocol (RDP):
Other DRE Features:
What is a remote desktop protocol?
Remote Desktop Protocol (RDP) by Microsoft is a network communications protocol designed to facilitate remote management and remote access for Windows desktops and applications.
Take RDP security to the next level with a dedicated remote access solution
Dameware Remote Everywhere
- Designed to securely establish remote access and resolve issues from anywhere
- Help keep client data encrypted
- Create temporary or permanent port forwards to remote networks for increased performance, security, and simplicity
Starts at