With the number of people working remotely consistently growing, the importance of having a remote desktop solution has grown as well. These solutions have to provide an opportunity to help users in the same way as if the administrator was dealing with the issue in person, as workplaces are often decentralized and specialists might struggle to be in a given place at a given time. Along with this, the remote desktop service has to be secure, as vital data might be transmitted during sessions.
Below, we’ll compare the feature sets of two solutions: Microsoft Remote Desktop Protocol and MSP360 Remote Desktop.
What Is Microsoft Remote Desktop Protocol?
Microsoft Remote Desktop Protocol, also called Remote Desktop Connection or Terminal Services Client, is a free, built-in solution for Windows computers. The first OS it appeared in was Windows NT. It is considered to be old and reliable technology, yet it has some limitations.
MSP360 Remote Desktop, developed by the MSP360 team, is available for Windows, macOS, Android, and iOS. It is highly customizable so that it is easy to adapt it to clients’ needs. The main goal of MSP360 Remote Desktop is to keep data protected while maintaining high performance when encrypting and decrypting it.
Security Considerations
Before we start our comparison, we should mention that, according to ESET's Q4 2020 report, there was a 768% growth in attacks on the RDP protocol from Q1 to Q4 of 2020. These attacks have become so frequent that a threat prevention company called Advanced Intelligence created a website where anyone can check if their RDP was hacked: RDPWNED.
One of the latest issues was related to password storage. On 14th May, a user called @jonasLyk tweeted that he found his password in RDP “in clear text”. To get access to the password, it was enough just to click the Permission button in one of the svchost.exe processes’ options. After this tweet, other users tried to replicate the author’s actions and several of them managed to do it.
Although it is a handy, built-in tool, Windows RDP is considered to be unsafe for a production environment.
As for MSP360 Remote Desktop, security is its top priority; all connections are encrypted by default. You can set up a password to prevent unauthorized access to remote computers. Additionally, you can limit access to configuration and the GUI, along with outgoing connections on these computers, so that any intruder will be unable to use these features.
Now, to the direct comparison.
MSP360 Remote Desktop vs Microsoft Remote Desktop Protocol: a Comparison
MSP360 Remote Desktop and Microsoft Remote Desktop Protocol differ a lot, so we have picked up some general parameters for this comparison, without digging deeply into the code.
| Comparison Parameter | MSP360 Managed Remote Desktop | Microsoft Remote Desktop Protocol |
| Security | All the data is encrypted, brute-force-protected and provides an additional level of safety with passwords | Many exploits found over the years, considered unsafe |
| Customization options | Flexible customization | Not customizable |
| Bandwidth | Lightweight; can limit bandwidth consumption | Reduces the amount of data transmitted by caching and compression |
| Connection | Uses middle-server for geo optimization | Direct connection, so speed depends on geolocation of client and server |
| Teamwork | Several engineers can work on a single issue, passing control from one to another; user has access to their computer as well | Does not support teamwork; locks user machine |
| File sharing | Yes | Yes |
| Communication | Voice and text communication is available | Text only |
Security Is a Must
Microsoft Remote Desktop Protocol is a tool that is only designed to do one job: to connect to a user’s machine and allow you to control it. It is pre-installed on any Windows computer and, thus, is used by many organizations. However, the number of exploits and vulnerabilities found each month is making Microsoft RDP a bad choice for anyone who’s worried about cybersecurity.
If you want to protect your and your clients’ data when connected, as well as to be flexible and to be able to work in a team, consider using a more feature-rich solution, such as MSP360 Remote Desktop.
MSP360 Managed Remote Desktop
Feel free to test-drive our new MSP360 Managed Remote Desktop oriented towards Managed Service Providers
- Extensive management capabilities
- Advanced security tools
- Easy to deploy
Securing Windows Remote Desktop Protocol [RDP]
As our working environments become increasingly orientated towards remote or hybrid paradigms, so does our reliance on remote technologies such as RDP. However, while this solution might be crucial to productivity in remote environments, it also comes with its associated risks. Knowing how to secure Windows Remote Desktop protocol is becoming increasingly important for general security, productivity, and compliance.
Microsoft Windows RDP component is encrypted by default, leading many to believe it is inherently secure. While that’s true to an extent, there are still vulnerabilities, particularly at the authentication level and newly discovered exploits for new and old RDP versions is still a regular occurrence. That’s why we’ll look at some measures you can implement to help secure remote desktop connections within your network below.
In Response to the Current Cybersecurity Threats, LIFARS is Offering New and Innovative Remote Cyber Defense Solutions: The Daily TRUTH, Short-Term Incident Response Retainer, Remote Worker Cyber Resilience.
Enforce Passwords Security Best Practices
Any user accounts with RDP access should be forced to use strong passwords as a matter of course. Reusing passwords for multiple accounts or services should also be discouraged. This will go a long way to prevent brute force and credential stuffing attacks perpetrated via RDP.
Set Account Lockout Policies
Brute force attacks are still a common attack vector aimed at RDP connections. Limiting the number of attempts a user has to successfully login to a computer will hamper the use of automated password guessing tools or other brute force attempts by attackers.
Use Multi-Factor Authentication
Multi-factor authentication [MFA] or two-factor authentication [2FA] can provide a massively effective extra layer of security on top of secure login practices. MFA can be configured in various ways, such as configuring RDP gateways to integrate with MFA/2FA services or using MFA/2FA certificate based smartcards.
Keep Your Software Updated
New and existing security flaws are continuously being uncovered across both old and new versions for RDP components and the systems they run in. Microsoft, for example, provides automated updates that apply security fixes for newly discovered exploits. You should ensure that all your clients and servers are running the latest software versions and monitor zero-day notices for vulnerabilities that may affect your network. Latest software versions are generally more secure, stable, and may support higher levels of encryption.
Use Firewalls to Restrict Access
Depending on the level of security you need, both hardware and software firewalls can be employed to remote desktop listening ports. A firewall allows you to specify only specific IPs that are allowed to connect via your RDPs ports. Combining a firewall with a RDP Gateway can provide a powerful security chokepoint.
Enable Network Level Authentication
Network Level Authentication [NLA] provides a level of authentication first before establishing a remote desktop session. If used, users have to authenticate themselves to the network before successfully making the connection. Most Windows OS versions, such as Windows 10 and Windows Server 2012 R2/2016/2019 have NLA enabled by default.
Limit User and Administrative Access
You should review your local security policies on a regular basis to ensure that remote desktop access is limited only to the accounts that need it. In Windows, for example, all Administrators are given access to RDP by default. Just because an account should have local admin rights doesn’t mean it necessarily needs RDP access. It’s best to configure specific groups if you do want to give RDP access to multiple users or to just specify these rights individually.
Limit RDP Access to External Clients or Servers
It has become an unavoidable operational requirement today to interface with parties outside your organization. However, with each external client or server you provide RDP access, your threat surface expands as well as the potential for compromise as a result of non-standard practices.
Set Up a Remote Desktop Gateway
A RD Gateway server helps to regulate RDP connections by removing all remote user access to your systems and replacing it with a point-to-point remote desktop connection. Remote users login to a portal using their credential to be granted access through the firewall. It provides secure, encrypted connections to the server from RDP clients. This is one way to allow remote users to connect to internal network resources from external sources securely.
Tunnel RDP Connections Through IPSec or SSH
IPSec and SSH can be alternatives to using a RDP server to add additional layers of authentication and encryption to remote connections. IPSec is built-in to all Windows operating systems since Windows 2000.
Monitor Your RDP Logs and Security Configuration
Implementing RDP security measures does not ensure your systems will never be compromised. You should regularly audit your RDP logs and security configuration for signs of anomalous behavior, such as unexpected login volumes, or where there might be mismatches in security settings between clients and servers on your network.
- FBI Warns of Windows 7 end-of-life Security Risk
- In "Penetration Testing"
- The Rise of Cyberattacks Towards Cities and Towns
- In "Cybersecurity"