The Raritan Blog

Yet Another Security Issue with Remote Access Software

Richard Dominach
March 16, 2012

Recent articles in InfoWorld, “Microsoft urges firms to focus on severe RDP flaw,” and PCWorld, “Microsoft issues Urgent Patch for ‘Wormable’ RDP Vulnerability,”(1) illustrate the potential dangers of software-based remote access tools. The vulnerability, cited as “dangerous,” “very serious” and “critical,” applies to the Remote Desktop Protocol, widely used throughout the IT industry for remote access. Other software-based systems include VNC, pcAnywhere, and many others.

Software-based remote access is widespread.  The InfoWorld article mentions that “There could be as many as 250 million systems with an open RDP port” and  “An estimated 140,000 computers running pcAnywhere could be directly contacted from the Internet.”   In my previous blog focused on the dangers of poorly configured remote access systems, I cite another article that estimates 83 million open VNC ports.

Users of remote access software should closely follow the security best practices recommended by the applicable vendor and their security organization, and apply security patches immediately as they become available. Users should not be complacent about the use of these tools, and should carefully and thoughtfully consider the benefits and risks, applying the proper safeguards to harden and monitor their environments.

Users should also consider the benefits of hardware-based remote access, such as KVM-over-IP switches, which provide “out-of-band” access that does not rely on “software” running on the remote server. Out-of-band access can be more secure, provide access even when the server’s OS or network is not working, and provide a wider range of use cases including BIOS-level access and remote booting. A higher level of manageability can be achieved through centralized permissions, authentication, and logging. And as the KVM switch does not rely on software running on the remote servers, there is never a need to patch hundreds or thousands of servers.

With 24x7 reliability required for today’s IT infrastructure, remote access is an absolute necessity.  These recent articles illustrate the dangers of software-based approaches and the need to seriously examine your remote access users to implement a secure, productive, and manageable remote access solution.

(1) https://www.pcworld.com/businesscenter/article/251760/microsoft_issues_urgent_patch_for_wormable_rdp_vulnerability.html

