However, the risks of having this incorrectly configured outweigh the convenience it provides.
There are plenty of remote control or desktop sharing programs available. But not all organizations have policies regarding remote access. This leads to several non-standardized and unsecured approach of setting up remote access to work computers.
In the past, enabling remote desktop access and configuring the firewall to forward the necessary ports allows people to connect to their work computer. Most of the time, this is configured in a not secured manner and often scanned and exploited by the bad guys.
Using a weak password and a public remote desktop connection is a recipe for disaster. It also affects the performance of the remote connection due to constant attempts of unauthorized logins.
Things to consider with having an unsecured remote desktop setup:
- First of all, this is not secure and not recommended. If the firewall port is exposed to the public, it will allow any IP address to connect to it. Anyone located from different parts of the world can try to brute force their way into your computer.
- The computer can be infected with malware, ransomware, or data theft. Installation of backdoor programs or identity theft is also some of the few things that could happen if they gain access to a machine.
- If a lockout policy is in place, the accounts will be locked down due to incorrect password attempts causing a denial of service to the owner of the account.
But home routers commonly have a dynamic IP address assigned by the Internet Service Provider (ISP) which means it changes periodically. Once the IP changes, then the remote access is revoked. This defeats the purpose of having access to your computer remotely whenever you need it. Some routers support dynamic DNS or hostnames, but not all support it for port forwarding. It will be unreliable to have a dynamic IP added to the trusted IP addresses. Static IP addresses provide a fixed and trusted connection but might not be available for residential customers.
An ideal and hardened approach to secure the connection is thru a Virtual Private Network (VPN).
VPN sets up a secure tunnel between your remote location and your office network. This will encrypt the connection and prevent outsiders from logging in using remote desktop to your work computer.
If you know you are connecting to your work computer or a terminal server remotely and not familiar with VPN, please contact your administrator to review and secure your existing setup.
It is strongly recommended to secure all public remote desktop ports in your network. It is risky, outdated, and can easily be exploited.
Attackers will take advantage for every loophole they can find. Business continuity is important and information security should be taken seriously.