IT infrastructure management has changed dramatically since the COVID-19 pandemic began. Prior to the pandemic, IT teams primarily handled infrastructure monitoring and management on-site. Once the pandemic forced IT teams to work remotely, they struggled to effectively and securely manage organizational IT infrastructure.
Distributed work models also presented IT teams with new security challenges, as employees began accessing corporate resources from multiple locations, often using multiple devices, including devices which weren’t corporate-owned, also known as BYOD (bring your own device). These BYOD devices could have security issues that IT administrators don’t know about, which puts the organization at risk of data breaches, ransomware, and other cyberattacks.
Historically, virtual private networks (VPNs) have been the go-to solution for remote access. Prior to the pandemic, when remote access was limited only to very specific use cases, VPNs worked well enough.
However, once distributed work became the norm, not the exception, the shortcomings of VPNs quickly became apparent. VPNs are expensive and they don’t scale well. They suffer from latency, reliability and availability problems, and they’re extremely difficult for end users to use – as well as for IT teams to configure and maintain.
Keeper Connection Manager simplifies remote connections while hardening security. Instead of fumbling with a VPN, remote teams access internal resources simply by logging in through a web browser. Once they’re logged in, all work that remote users perform is executed behind the enterprise firewall, giving them the same protection from corporate security systems that they would have if they were working in a physical office environment.
Compromised remote desktop protocol (RDP) credentials have long been a common attack vector for ransomware attacks, and the shift to remote work has exacerbated this problem. One issue is that while RDP communications are encrypted, the protocol lacks multi-factor authentication (MFA) by default, and many organizations don’t enable it.
Cybercriminals run scans on port 3389, the default listening port for RDP. Once they find an open RDP port, they use brute-force password attacks, such as password spraying and credential stuffing, to figure out the credentials. Once threat actors have RDP access, they can escalate privileges, move laterally within the network, exfiltrate data, and deploy ransomware.
Keeper Connection Manager provides secure remote desktop access with security features, such as 2FA and least-privilege access, that VPNs lack. Administrators can provide access through RDP, SSH, VNC, and other common protocols, without having to share credentials with end users.
Many organizations use separate tools to provide remote users with access to internal devices. While internal users might log in using IPSEC Remote Access VPN solutions, third parties or internal users on BYOD devices might use proxies and SSL VPN solutions. If organizations want to allow mobile access, they have to deploy yet another layer of access infrastructure.
Heterogeneous remote access infrastructures pose significant challenges, including very limited scalability and agility, high levels of administrative overhead, end user confusion, and of course, security issues. Visibility into this type of setup is quite limited, and it’s extremely difficult to enforce security policies uniformly and company-wide.
Keeper Connection Manager works with nearly any device, and granular access controls enable IT administrators to provide end users with just the right level of access, from a single application to the entire network. There are no endpoint clients to install, configure, or maintain. Desktop images can be easily standardized, and updates to desktops and applications can be automated.
Keeper holds the longest-standing SOC 2 attestation and ISO 27001 certification in the industry. Keeper utilizes best-in-class security, with a zero-trust framework and zero-knowledge security architecture that protects customer data with multiple layers of encryption keys at the vault, shared folder and record levels.
RDP is very secure – if it is configured correctly. It is imperative to take basic security precautions, such as utilizing strong, unique passwords and two-factor authentication, to prevent threat actors from compromising your RDP login credentials.
It's not necessary to use a VPN to secure your RDP sessions. However, you must implement strict access controls, including strong, unique passwords, two-factor authentication, firewalls and access lists.
Yes, RDP sessions operate over an encrypted channel. When configuring your RDP, be sure to select the "High" encryption level. Otherwise, the maximum key strength supported by the target is negotiated through a domain controller.
This is a matter of debate! Whichever remote access method you choose, you must ensure to configure it correctly. Common remote access methods include:
Choose Language
