What is an RDP Attack?
Remote Desktop Protocol (RDP) attacks have been a popular way for hackers to breach the security of a device or company network. An RDP attack takes place when an unauthorized person or entity is accessing a network through the device’s RDP ports. The attack is commonly an actual person using brute force to hack into the RDP port, or it could be an automated technology also using brute force to access the RDP port. Brute force is a term used when someone, or something, is guessing user credentials over and over again until they are able to gain access.
Our Defense — Disabling Ports
With the addition of our Endpoint Vulnerabilities Report and a new action for Remote Desktop Protocol at the device page, there are several places within PC Matic Pro and MSP to disable RDP ports. In order to disable RDP on a device, it must be online and have a current connection to your management console. You’ll notice in the Endpoint Vulnerabilities Report that a device may display with a grey toggle which means it is not currently connected and can’t be disabled. (See Example Below)
From the Actions menu at the device page, you can always enable the RDP port again if you disabled it by mistake. The enable button will only show if the RDP port is currently disabled.