Business and Enterprise
Protect your company from cybercriminals.Start Free Trial
Remote desktop protocol (RDP) is a network communications protocol that allows users to remotely connect to computers in a secure manner. In addition to enabling IT administrators and DevOps personnel to perform remote systems maintenance and repair, RDP allows non-technical end users to remotely access their workstations.
RDP was originally developed by Microsoft and is pre-installed on most Windows machines. Additionally, RDP clients, including open-source versions, are available for Mac OS, Apple iOS, Android and Linux/Unix systems. For example, Java Remote Desktop Protocol is an open source Java RDP client for Windows Terminal Server, while Apple Remote Desktop (ARD) is a proprietary solution for Macs.
RDP is sometimes confused with cloud computing because both technologies enable remote work. In actuality, remote access is where the similarities between RDP and the cloud stop.
In a cloud environment, users access files and applications stored on cloud servers – not their desktop computer’s hard drive. In contrast, RDP directly connects users with desktop computers, allowing them to access files and run applications as if they were physically sitting in front of that machine. From this perspective, using RDP to connect and work on a remote computer is much like using a remote control to fly a drone, only RDP transmits data over the internet instead of using radio frequencies.
RDP requires users to install client software on the machine they’re connecting from, and server software on the machine being connected to. Once connected to the remote machine, remote users see the same desktop graphical user interface (GUI) and access files and applications the same way as they would if they were working locally.
RDP client and server software communicate through network port 3389, using the TCP/IP transport protocol to transmit mouse movements, keystrokes and other data. RDP encrypts all data in transit to prevent threat actors from intercepting it. Because of the GUI, client and server communications are highly asymmetric. While the client transmits only mouse and keyboard inputs – which consist of relatively little data – the server must transmit the data-intensive GUI.
Even in a cloud-based world, RDP is an excellent fit for many use cases. Here are some of the most popular:
Because it connects directly to on-premise servers and computers, RDP enables remote work in organizations with legacy on-premises infrastructure, including hybrid cloud environments. In the same vein, RDP is a great option when remote users must access data that must be housed on-premises for legal or compliance reasons. IT and security administrators can restrict RDP connections to a particular machine to only a few users (even one) at a time.
However, for all the benefits of RDP, it does have some drawbacks, including:
The two biggest security vulnerabilities of RDP involve weak login credentials and the exposure of port 3389 to the internet.
Left to their own devices, employees use weak passwords, store passwords insecurely and reuse passwords across multiple accounts. This includes passwords for RDP connections. Compromised RDP credentials are a major vector for ransomware attacks. The problem is so pervasive that a popular social media meme darkly jokes that RDP really stands for “ransomware deployment protocol.”
Because RDP connections use network port 3389 by default, threat actors target this port for on-path attacks, also known as man-in-the-middle attacks. In an on-path attack, a threat actor places themselves between the client and server machines, where they can intercept, read and modify communications going back and forth.
First, decide if your organization really needs to use RDP, or if you’d be better off with an RDP alternative, such as virtual network computing (VNC), a platform-agnostic graphical desktop sharing system. If RDP is your best option, limit access only to users who absolutely need it, and lock down access to port 3389. Options for securing port 3389 include:
Comprehensive password security is just as important as protecting against port-based attacks: