What is RDP?

myDRE uses RDP as a means to access the Windows Virtual Machines (VMs) in a Workspace. Linux VMs can only be accessed using a Windows VMs due to security and audit requirements.

Why RDP and not another solution

1. Microsoft Bastion: currently it requires access and interaction with the Azure portal: usability too low
1. Definitely a solution anDREa keeps its eyes on, once it provides APIs that can be deployed in the mydre.org portal this will be an option
2. Drawback: does not support multi-monitors: requirement for (semi) advanced users
2. Remote Desktop Services: users cannot install and maintain their own software: usability too low
3. Microsoft Azure ExpressRoute: realistically only for those spending tens of thousands of dollars in the public cloud it is proportionate to requirements and budget: too expensive
4. Site-to-site VPN: users must be able to access the VM from any location: usability too low
5. Public Load Balancer with NAT: The load-balancing rules and inbound NAT rules do not support IP protocols like ICMP. The load balancer doesn’t terminate, respond or interact with the payload of a UDP or TCP flow. usability too low
6. Jumphost VM: jumphost still involves opening one VM to public internet and it is a costly solution: does not solve the problem
   

These are the most important vulnerabilities in RDP:

1. There is a vulnerability in the encryption method in earlier versions of RDP. Microsoft issued a legacy patch for its outdated platforms, including Windows XP, Windows Server 2008, Windows 2003, and Windows 2007. Windows 8, 10, and newer operating systems aren’t vulnerable in this way. 
2. Weak user sign-in credentials. Most desktop computers are protected by a password, and users can typically make this password whatever they want. The problem is that the same password is often used for RDP remote logins as well. Companies do not typically manage these passwords to ensure their strength, and they often leave these remote connections open to brute force or credential stuffing attacks.
3. Unrestricted port access. RDP connections almost always take place at port 3389*. Attackers can assume that this is the port in use and target it to carry out on-path attacks, among others.
   

Recommended risk mitigation

1. Lock down RDP to a source IP or IP Range: IMPLEMENTED
1. on-prem is whitelisted, off-prem the IP of the user is whitelisted after 2FA action on mydre.org
2. Just-in-time VM access: IMPLEMENTED
1. by default VMs are deallocated (saves costs)
2. by default VMs shutdown at 19:00 CET (saves costs), though this can be overruled by Privileged User for longer calculation sessions
3. by default VMs do not have a dedicated public IP
4. time-out with too many unsuccessful attempts
3. Strong sign-in credentials: IMPLEMENTED
1. Password is the same as for logging into mydre.org and follows Microsoft recommended password requirements.
   

On the Roadmap

1. anDREa is working on a RDP-over-HTML solution
   
1. Though Bastion is preferred, it is still not suitable for myDRE due to missing APIs / ability for users to directly start the VM from mydre.org
   
1. Once Bastion meets the requirements, this solution will be embraced due to the thigh and supported integration in the Azure ecosystem
2. Guacomole is now at the core of the solution that is being developed
   
1. Once in place, also Linux VMs can be directly approached (no longer requiring a Windows VM as a stepping stone), both SSH and Desktop over HTML