Remote Desktop Protocol (RDP) is used by countless organizations in a multitude of ways, enabling everything from remote workforces to streamlined IT support. Its convenience in accessing and managing remote computers has made it a go-to solution. This reliance is only set to grow; the global remote desktop software market, valued at USD 3.33 billion in 2024, is projected to reach nearly USD 12 billion by 2032, reflecting a robust 17.3% CAGR. Furthermore, a recent 2024 report from RealVNC indicates that 31% of organizations anticipate increasing their use of remote access technology this year. Yet, this widespread utility comes with a significant caveat: RDP's inherent security posture, when left unaddressed, can transform it from a powerful tool into a dangerous entry point for cyber attacks.
RDP's Security Landscape
Despite its convenience, RDP's security track record is sobering. It's not secure by default, and its popularity makes it a magnet for cyberattacks. The numbers reveal a stark reality:
- A Top Attack Vector - RDP is a primary pathway for cybercriminals. In 2023, 90% of all cyberattacks handled by Sophos Incident Response teams exploited RDP for initial access. This makes it one of the most frequently abused tools by attackers seeking to breach networks.
- Constant Exposure - Attackers constantly scan for open RDP ports. The Shodan.io search engine, for instance, has indexed over 3.5 million RDP ports directly exposed to the public internet. This vast exposure means it takes little effort for an attacker to discover and attempt to compromise an RDP server.
- Credential Compromise - One of the main drivers of RDP breaches is compromised credentials. In 2023, stolen login details were the root cause in over half of all incident response cases, with RDP frequently implicated. Alarmingly, 43% of affected organizations lacked multi-factor authentication (MFA), making credential theft even more potent.
While highly publicized "zero-day" vulnerabilities like "BlueKeep" (CVE-2019-0708) demonstrate critical flaws, the greater ongoing threat often comes from known, but unpatched, vulnerabilities or misconfigured RDP deployments. For example, CVE-2024-43533, a remote code execution vulnerability identified in December 2024, showed that even connecting from a compromised client to a malicious RDP server can lead to remote code execution. This highlights the continuous need for vigilance across the entire RDP ecosystem.
The list of discovered RDP-related vulnerabilities is extensive and growing:
- CVE-2019-0708 (BlueKeep) - Critical RDP flaw enabling unauthenticated remote code execution.
- CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226 (DejaBlue) - A series of critical RDP vulnerabilities following BlueKeep.
- CVE-2020-0609, CVE-2020-0610 - Severe remote code execution vulnerabilities affecting Remote Desktop Gateway.
- CVE-2021-34535 - Another Remote Desktop Services Remote Code Execution vulnerability.
- CVE-2022-22015 - An information disclosure vulnerability found in Windows Remote Desktop Protocol.
- CVE-2024-43533 - A client-side remote code execution vulnerability as described above.
These vulnerabilities, coupled with millions of publicly exposed RDP ports, present a sprawling attack surface that cybercriminals relentlessly target.
Securing RDP Beyond The Ineffective Defenses
Effectively securing RDP demands a fundamental shift in approach. While traditional methods offer some protection, they often fall short against determined attackers due to inherent limitations.
The Gaps in Traditional RDP Security
Most organizations implement a mix of standard security practices, but each comes with its own set of challenges:
- Strong Passwords & Account Lockout - These baseline measures defend against simple guessing attacks.
  - The Gap - Passwords, no matter how strong, are easily bypassed by sophisticated credential stuffing attacks (using stolen or leaked passwords) or by attackers who can slowly brute-force without triggering immediate lockouts.
- Multi-Factor Authentication (MFA) - Adding a second verification step strengthens login security.
  - The Gap - While effective, MFA relies on the RDP port being discoverable. If an RDP server is compromised via a zero-day vulnerability before the authentication process, MFA will not prevent a breach. Additionally, attackers are now using advanced phishing and adversary-in-the-middle (AITM) techniques to bypass MFA.
- Firewall Rules & IP Whitelisting - Limiting RDP access to specific IP addresses reduces the attack surface.
  - The Gap - This can be impractical for remote users with dynamic IPs. It also offers limited defense against insider threats or if an authorized, whitelisted IP is compromised. Crucially, firewalls still allow attackers to discover the open RDP port, even if direct connections are initially blocked.
- Network Level Authentication (NLA) - Requires user authentication before a full RDP session is established.
  - The Gap - NLA improves pre-session security but doesn't prevent port scanning or the discovery of the RDP service itself. The service remains visible and potentially vulnerable to zero-day exploits.
- VPNs (Virtual Private Networks) - Users connect to the corporate network via a VPN before initiating RDP, encrypting traffic and hiding the RDP port from the public internet.
  - The Gap - VPNs introduce their own attack surface, often with dedicated open ports. They add management complexity, and if the VPN itself is compromised, it can expose the entire internal network. Furthermore, while VPNs hide the RDP port from direct internet scans, they don't eliminate the internal presence of the RDP service, which can still be targeted if the VPN is breached.
- Changing the Default RDP Port (3389) - Moving RDP to a non-standard port.
  - The Gap - At best, this is a weak security measure often referred to as "security by obscurity." Advanced scanning tools don't just look for port 3389; they can identify RDP services running on any port. Research consistently shows that RDP remains easily discoverable even when moved to a non-default port.
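The lockout gap described above (slow brute-forcing and credential stuffing that never trips an account lockout) can still be caught by aggregating failed logons per source over a longer window. The following is an added example, not part of the original article or of NoPorts; the CSV layout, thresholds and sample rows are constructed assumptions, while Event ID 4625 and logon types 3 and 10 are the standard Windows Security log values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy and thresholds (illustrative, tune to your environment).
LOCKOUT_THRESHOLD = 5                    # failures that lock an account...
LOCKOUT_WINDOW = timedelta(minutes=30)   # ...when seen inside this window
LONG_WINDOW = timedelta(hours=24)
SLOW_TOTAL = 8       # failures per source in LONG_WINDOW worth reviewing
SPRAY_ACCOUNTS = 4   # distinct accounts tried from one source

def sample_log():
    """Constructed CSV rows: time,event_id,logon_type,source_ip,account."""
    t0 = datetime(2024, 1, 1)
    row = lambda mins, eid, ip, acct: f"{(t0 + timedelta(minutes=mins)).isoformat()},{eid},3,{ip},{acct}"
    rows = [row(120 * i, 4625, "203.0.113.10", "admin") for i in range(10)]
    rows += [row(i, 4625, "198.51.100.7", f"user{i}") for i in range(5)]
    rows += [row(0, 4625, "192.0.2.44", "alice"), row(1, 4625, "192.0.2.44", "alice"),
             row(2, 4624, "192.0.2.44", "alice")]
    return rows

def trips_lockout(times):
    """True if LOCKOUT_THRESHOLD failures fall inside one LOCKOUT_WINDOW."""
    times = sorted(times)
    n = LOCKOUT_THRESHOLD
    return any(times[i + n - 1] - times[i] <= LOCKOUT_WINDOW
               for i in range(len(times) - n + 1))

def detect(rows):
    """Map source IP -> tags for failed logons that lockout alone would miss."""
    by_source = defaultdict(lambda: defaultdict(list))  # ip -> account -> times
    for line in rows:
        ts, event_id, logon_type, ip, account = line.split(",")
        # 4625 = failed logon; type 10 = RemoteInteractive, type 3 = Network
        # (failed RDP logons are recorded as type 3 when NLA is enabled).
        if event_id == "4625" and logon_type in ("3", "10"):
            by_source[ip][account.lower()].append(datetime.fromisoformat(ts))
    findings = {}
    for ip, accounts in by_source.items():
        all_times = sorted(t for ts in accounts.values() for t in ts)
        recent = [t for t in all_times if all_times[-1] - t <= LONG_WINDOW]
        tags = []
        # Many failures over a day, yet no account ever hit the lockout rate.
        if len(recent) >= SLOW_TOTAL and not any(map(trips_lockout, accounts.values())):
            tags.append("slow-brute-force")
        if len(accounts) >= SPRAY_ACCOUNTS:
            tags.append("many-accounts")
        if tags:
            findings[ip] = tags
    return findings
```

Logon type 3 also covers non-RDP network logons such as file shares, so on a real host the rows should first be narrowed to the RDP servers being monitored.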
Making RDP Invisible - The NoPorts Advantage
The fundamental problem with traditional RDP security is that the RDP service itself remains visible and discoverable to potential attackers. Whether through a VPN, a changed port, or firewall rules, the "door" to your RDP server is still there, just behind various locks. But what if you could make that door vanish entirely?
This is what preemptive security solutions like NoPorts offer. NoPorts fundamentally re-architects how RDP connections are established, eliminating the attack surface by closing all inbound ports on your devices. This makes your RDP servers completely inaccessible and invisible to external threats.
Here's how NoPorts delivers superior security compared to traditional methods:
- Cryptographic Pre-Authentication - Unlike traditional RDP, where authentication occurs after a connection attempt to the RDP port, NoPorts establishes a secure, peer-to-peer connection only after robust, out-of-band cryptographic authentication. This means unauthorized access attempts are blocked before they can even reach your RDP server.
- Renders RDP Vulnerabilities Non-Exploitable - With no open inbound port, even newly discovered RDP zero-day vulnerabilities become unexploitable by threat actors. While the vulnerability might still exist on the server, the critical pathway for external exploitation is gone.
- Simplified Security - NoPorts significantly reduces the complexity of managing firewalls, open ports, and traditional perimeter defenses, freeing up valuable IT resources.
- True Zero Trust - NoPorts natively aligns with Zero Trust principles by verifying every connection attempt with cryptographic authentication, granting access only to verified users, regardless of their network location.
- End-to-End Encryption - All communications with NoPorts are fully encrypted, ensuring data privacy and integrity throughout the remote session.
In an era where RDP remains a prime target for cybercriminals, relying solely on traditional, perimeter-focused security is not sufficient. By embracing a pre-emptive security solution like NoPorts, you fundamentally transform your security posture, moving from reactively defending visible entry points to proactively rendering them invisible. It's time to secure your RDP and make your digital gateway truly impenetrable.
1 Fortune Business Insights: "Remote Desktop Software Market Size, Share | Report [2032]"
2 SecurityBrief UK: "Global remote access use set to rise by a third in 2024"