惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Blog — PlanetScale
Blog — PlanetScale
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
AI
AI
Recent Announcements
Recent Announcements
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Stack Overflow Blog
Stack Overflow Blog
V
Visual Studio Blog
J
Java Code Geeks
TaoSecurity Blog
TaoSecurity Blog
L
LangChain Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Project Zero
Project Zero
Microsoft Security Blog
Microsoft Security Blog
量子位
T
Threatpost
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园 - Franky
博客园 - 聂微东
L
LINUX DO - 最新话题
Security Archives - TechRepublic
Security Archives - TechRepublic
Hugging Face - Blog
Hugging Face - Blog
T
The Blog of Author Tim Ferriss
P
Proofpoint News Feed
The GitHub Blog
The GitHub Blog
C
Check Point Blog
宝玉的分享
宝玉的分享
G
Google Developers Blog
Spread Privacy
Spread Privacy
Cloudbric
Cloudbric
SecWiki News
SecWiki News
有赞技术团队
有赞技术团队
www.infosecurity-magazine.com
www.infosecurity-magazine.com
W
WeLiveSecurity
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
美团技术团队
V
Vulnerabilities – Threatpost
Cyberwarzone
Cyberwarzone
A
Arctic Wolf
P
Privacy & Cybersecurity Law Blog
P
Palo Alto Networks Blog
H
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
About on SuperTechFans
N
Netflix TechBlog - Medium
罗磊的独立博客
月光博客
月光博客

Todyl Blog

CyberChef: How to Decode & Decrypt Malicious Scripts (Step-by-Step Guide) Achieving Zero Trust with SASE: A Practical Roadmap for Modern Network Securityso like MSP Security Maturity Assessment: Why 79% of MSPs Are Stuck in 2025 The Rising Threat of Malicious AI: What Every Organization Needs to Know Iran Cyber Threat 2026: What SMBs and MSPs Need to Know The OneStart AI Browser Deception Cyber Insurance Requirements Based on Industry Why Third-Party Security Certification Is Your MSP's Competitive Edge Why Cyber Insurance Carriers Are Shifting to Security Assurance Iran Conflict and Cyber Risk: What North American Organizations Need to Know ‍ Why Cyber Resilience Requires Security, Compliance, and Insurance MSP Security Services: How to Position Identity Protection as Competitive Advantage Identity Security Gap Assessment: A Step-by-Step Guide for MSPs How Credential Theft Attacks Are Costing MSP Clients Millions Do I Need Cyber Insurance as a Small Business? Advanced Persistent Threats (APTs) Explained Preparing for CMMC Level 1: What Your Organization Needs to Do The Real Cost of Doing Nothing in Cybersecurity MSP Security: Build vs Buy SOC The Rise of a Cybercrime Alliance: What LockBit, Qilin, and DragonForce Mean for Business Risk Cyber Threat Recovery Strategies for MSPs What MSPs Need to Know about CIRCIA Final Rule ClickFix: The Evolution of Copy-Paste Social Engineering Akira Ransomware: Threat Assessment of a Scalable RaaS Operation The Dos and Don’ts of Applying for a Cyber Insurance Policy What Is Threat Hunting? A Practical Guide for MSPs and SMBs The Business Case for Cyber Threat Management Evaluating Free and Open Source SIEM Tools in 2026 How organizations can combat BEC Using SASE to help meet cyber insurance requirements Introducing the Anomaly Framework Stopping Identity Threats with ITDR through MXDR Security Operations Over Tools Beyond Tools: A Strategic Approach to Data Security Cyber Threat Response Strategies for MSPs Threat Advisory: Email Account Compromise BECs In the Wild: When Millions of People Are Expecting the Same Email Michigan and Wisconsin Proposed Age Verification Bills and the Impact on VPNs and SASE: What You Need to Know Cyber Threat Detection Strategies for MSPs Cyber Threat Prevention Strategies for MSPs Simplifying CMMC Level 1 with Todyl GRC How to Complete Your CMMC Level 1 Self-Assessment: A Step-by-Step Walkthrough Cyber Threats Don't Take Time Off How MSPs Build Lasting Client Relationships Through Proactive Operations Risk Management for MSPs: Why Business Context Changes Everything 5 Pillars for Security Program Growth in 2025 One Action MSPs can take to Address Risk and Secure Clients Building Resilience in a Perimeter-less World with Defense-in-Depth Aligning Technology Implementation to Business Outcomes Top 5 Myths about Cybersecurity How Conditional Access Transforms Your Cybersecurity Program Why MSPs need to embrace a prescriptive model How Texas SB 2610 Positions MSPs as Strategic Risk Advisors Simplifying cybersecurity maturity with managed cloud SIEM Addressing firewall vulnerabilities MSP Zero-Day Response Plan: When Security Tools Can't Help You Old is Gold: Tackling Persistent Vulnerabilities How MXDR drives operational efficiencies Using SASE for secure remote access How to find the best endpoint security solution The Cyber Insurance Crisis: Why MSPs and Their Clients Are Struggling What to ask of a prospective endpoint security vendor Thinking Red, Acting Blue: Turning Attack Tactics in Your Favor Zero-Day Attacks and False Alarms: Lessons for MSPs Dissecting the Recent Rise in 2025 Zero Days MSP Security Monitoring Strategy: Identity and Cloud Blind Spots Introducing the Todyl Community: A Collaborative Platform for MSPs Threat Advisory: PDFast Freeware Compromise Navigating Today’s Cybersecurity Threat Landscape: Where MSPs Should Start Threat Advisory: Understanding the Recent SonicWall SSL VPN Vulnerability and How to Protect Your Clients Partner Spotlight: GoTech IT Solutions Threat Advisory: SQL Injection in FortiClient CVE-2023-48788 The Importance of SSL Inspection Navigating Compliance Frameworks: Common Challenges and Effective Solutions Making the most of SASE Web Filtering Iran & Middle-East Geopolitical Shifts: Emerging Cyber Risks for SMBs MSP Security KPIs That Matter: Beyond Vanity Metrics to Business Outcomes MSP Challenges Looking into 2025 Combining EDR and NGAV for Defense-in-Depth Starting Your Security Framework Journey: A Practical Implementation Guide Cyber Insurance vs. Warranties: Key Risk Management Elements Akira Ransomware: A Persistent Threat to MSP Operations Transforming Cyber Insurance for MSPs and Their Clients Two Truths, Double Whammy: Why Vulnerability Remediation Needs a Rethink Using LAN ZeroTrust for segmentation The role of SIEM in incident response Partner Spotlight: 917 Solutions Threat Advisory: Business Email Compromise Campaign using OVPN for Obfuscation Beyond Implementation: Creating an Ongoing Security Framework Program ClickFix: Fake Captcha Leads to Real Damage Streamlining Security and Compliance Information Gathering with Assessments EpiBrowser: A Sophisticated PUP Masquerading as Chromium Partner Spotlight: AnchorSix Tips to Help MSPs Set Goals for the New Year How SIEM helps detect insider threats Massive Wave of Network Security Vulnerabilities Demands Immediate Action FortiJump: The FortiManager Zero-Day Vulnerability Explained Use cases of SASE: Software-defined perimeter Threat Advisory: LightPerlGirl Malware Why MSPs Must Prioritize CIS Critical Security Controls v8.1 for Client Success
Understanding the Pitfalls of RDP
Zach DeMeyer · 2026-01-09 · via Todyl Blog

The Remote Desktop Protocol (RDP) still serves a critical function since Microsoft first adopted the technology well over twenty years ago. By enabling remote connection to computers, RDP aids in work-from-anywhere efforts as well as troubleshooting and other tech support services. Despite its usefulness, however, RDP also serves as a major target for threat actors looking to penetrate a network. Let’s explore the pros and cons of RDP and what organizations can do to protect themselves from potential vulnerabilities.

What RDP Does

RDP allows users to remotely access and control computers. It was first introduced in 1998. Using a Windows client interface over TCP/UDP port 3389, the user operates the machine as if they were sitting in front of it.  

In practice, RDP has numerous benefits.

  • Remote work: A user can access their office desktop machine over a laptop or personal computer on the go and work as if they were physically in the office from wherever they have internet connection.
  • Troubleshooting: An IT admin can connect to a user’s machine to diagnose and remediate problems without having to directly interact with the machine itself.  
  • Server access: An engineer can tap into a server to perform maintenance or updates while keeping the server in a secure location.
  • Software testing: A developer can tap into a system running an application to evaluate how code operates in a controlled environment.
  • System deployment: A technician can set up a device for a new employee after drop-shipping it to their residence.
  • Managed services: An MSP can manage multiple systems across multiple client tenants without having to step foot in their offices.

With many other potential applications, RDP proves useful for any situation where someone needs to remotely connect to and control a computer or server.

The Other Side of RDP

Although useful, RDP has a major downside: it can be exploited by attackers as well. Because it is exposed to the internet, theoretically anyone can use it to remotely access a system. If a threat actor discovers an exposed RDP session, they can break into it through various methods and gain control over the system as if they were an authorized employee. Doing so grants them nearly unlimited access to the system, leading to dire results.  

What’s more, if an attacker somehow gains control over a system through some other method, they can establish an RDP connection to ensure persistence. That way, they can go back to the compromised system after initial access, helping to mask their actions over longer periods of time and allowing them to return later and carry out other misdeeds.  

Another growing use of RDP is the proliferation of ransomware. Because it grants direct remote access to systems, RDP gives bad actors the ability to deploy ransomware directly onto them. And, since these systems are often bound to on-premises networks, ransomware can easily spread to other parts of the network.

Critical vulnerabilities and exploits (CVEs) have been discovered in RDP over the year, including recent ones that allow for remote code execution. Microsoft is aware of these vulnerabilities and has issued patches for many of them, but the fact remains that RDP presents a major cybersecurity issue and the consequences can be much worse, if the ports are enabled for access via the internet.

What to Do About RDP

So, understanding both sides of RDP, what can organizations do about it?

Require strong passwords

Proper cyber hygiene is always important. Be sure users are logging into RDP with longer, complex passwords to make it harder for threat actors to brute force their way through.  

Patch regularly

Like with many other aspects of the IT and cybersecurity landscape, it’s best to stay up to date as possible for all patches, especially ones pertaining to RDP. Of course, some patches may contain other zero-day vulnerabilities, so stay tuned to news outlets and threat intelligence feeds to remain informed on new exposures.

Use a VPN

Although not a one-for-one RDP replacement, virtual private networks (VPNs) allow remote users to access network resources remotely. It should be known that you cannot use a VPN to fully access a remote computer like you can with RDP. So, for those use cases, a different solution is required.

But, in cases where remote users need to access on-prem files and servers, VPNs can be used similarly. Unfortunately, just as is the case with RDP, VPNs have also been known to harbor CVEs that attackers can prey on.

Restrict your ports

By default, RDP connections use port 3389 and are open to the internet. You can perform several changes to remedy this, including switching the default port or closing access to it. Using firewall rules or other configurations, you can restrict access to RDP ports to specific IP addresses or networks. This reduces the accessible attack surface while promoting a more zero trust approach to RDP security. That said, if an end user’s computer is physically compromised, or they’re acting as a malicious insider, these methods may not prevent compromise.

Implement cloud-based network security

Secure Access Service Edge (SASE) allows organizations to abstract their network to the cloud, establishing secure, untouchable connections between resources. Using a software-defined perimeter established by downloaded agents, SASE protects traffic and activity between systems by preventing exposure to the open internet.

Learn more

To see how SASE can help you address the security concerns of RDP, read this case study. In it, you’ll learn how one MSP used SASE to practically eliminate RDP and VPN usage while promoting cybersecurity, saving their client thousands of dollars annually.

About Zach DeMeyer

Zach DeMeyer is Todyl's Product Marketing Specialist, sharing the story of how businesses can use the Todyl platform to consolidate their security operations with SASE, SIEM, MXDR, Endpoint, SOAR, and more. He loves being on the forefront of new and exciting technologies, spending the past 8 years working in identity, UCaaS, and other SaaS products in the cybersecurity and IT software space. When he's not working, Zach enjoys camping and hiking with his wife, dog, and friends, playing music, sewing, and eating tasty food.