Using remote desktop securely

Xiid CTO Federico Simonetti explains how the company’s system enables secure use of remote desktop with one-time passwords via single sign-on.

So, you’ve just deployed yet another Windows VM in the cloud, what’s next? Well, you’re probably going to open a remote desktop (RDP) session to it and perform some configuration and management tasks.

In other words, you are going to select the VM you want to RDP into, click Connect, find your cloud-issued key-pair on your disk and select it, decrypt the VM’s administrator password, copy it to your system’s clipboard, download the RDP file and open it, paste the administrator password when requested and… Yay! You’re in!

A bit of a long process, isn’t it? Not to mention that the next time you need to connect to the same VM you’ll use the exact same administrator password; to shorten your to-do list next time you might even save the credentials in your system’s RDP credential storage.

And not only that. Several system administrators I’ve met in my career in IT security end up compiling a list of those VMs and their passwords (often saved in an Excel spreadsheet on their desktop). I will not insult your intelligence by explaining here why this is bad.

Remote desktop attacks are on the rise, as stated by both the FBI and the US Department of Homeland Security.

Furthermore, reusing the same password assumes you trust the entire communication end-to-end, and you are absolutely certain there is no possibility of a man-in-the-middle attack. History teaches us, though, that should anyone manage to sniff your credentials over the network (and yes, it isn’t as difficult as you’d like to believe) they will be able to RDP into your VM at a later time, and take control of it.

Recent examples such as the LabCorp hack are proof of it.

This raises the question: is there a better and more secure way to use remote desktop, instead of dropping it completely? And is it possible to make it easier to use while increasing its security?

Yes. Here at Xiid we have invented (and filed a patent for) a method to do just that.

Now, if you’re an Xiid user, when you deploy your new Windows VM in the cloud, your newborn VM will recognise your Xiid single sign-on (SSO) account and self-register into your Xiid SSO portal. Opening an RDP connection to your VM from inside your Xiid SSO portal is, therefore, a much easier experience than before. Now you click on the VM you want to RDP to inside your Xiid SSO portal, click the access mode/method you wish to use and you’re in.

The best part is that the password you just pasted into your RDP client is a one-time password so, even in the unlikely event that a successful man-in-the-middle attack lands it in the hands of a malicious hacker, that person will not be able to use it to take control of your VM later on.
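The property described above, that a captured password is useless to anyone who replays it later, comes from the credential being single-use and short-lived. The page does not describe how Xiid generates or enforces its one-time passwords, so the following is an added illustration rather than Xiid's code: a minimal server-side store that issues a random one-time password for a given VM and user, keeps only its hash, accepts it exactly once within a time window, and rejects replay, expiry and presentation against a different VM. The names `OneTimeCredentialStore`, `issue` and `verify`, the VM identifiers and the injectable clock are all assumptions made for the example; pushing the issued password onto the VM's local account is out of scope here.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeCredentialStore:
    """Issue and verify single-use, short-lived RDP passwords (example code, not Xiid's).

    Only a SHA-256 digest of each issued password is kept, keyed by (vm_id, user).
    A credential is removed from the store the first time it is presented, so a
    password sniffed from one session cannot be replayed to open a second one.
    """

    def __init__(self, ttl_seconds=60, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable for deterministic tests
        self._pending = {}           # (vm_id, user) -> (digest, expires_at)

    @staticmethod
    def _digest(password):
        return hashlib.sha256(password.encode("utf-8")).hexdigest()

    def issue(self, vm_id, user):
        """Create a fresh random password for this VM/user; any earlier one is superseded."""
        password = secrets.token_urlsafe(24)
        self._pending[(vm_id, user)] = (self._digest(password), self._clock() + self._ttl)
        return password

    def verify(self, vm_id, user, password):
        """Return True exactly once per issued password, within its lifetime.

        The entry is consumed on the first presentation whether or not it matches,
        so a wrong guess also burns the credential rather than leaving it open to
        further attempts.
        """
        entry = self._pending.pop((vm_id, user), None)
        if entry is None:
            return False                      # never issued, already used, or wrong VM/user
        digest, expires_at = entry
        if self._clock() > expires_at:
            return False                      # issued too long ago
        return hmac.compare_digest(digest, self._digest(password))


def demo():
    """Constructed walk-through: first use succeeds, replay and expiry do not."""
    now = [1_000_000.0]                       # fake clock so the run is deterministic
    store = OneTimeCredentialStore(ttl_seconds=60, clock=lambda: now[0])

    pw = store.issue("vm-01", "alice")
    first_use = store.verify("vm-01", "alice", pw)     # True: fresh credential
    replay = store.verify("vm-01", "alice", pw)        # False: already consumed

    pw2 = store.issue("vm-01", "alice")
    other_vm = store.verify("vm-02", "alice", pw2)     # False: bound to vm-01
    now[0] += 120                                      # let it expire
    expired = store.verify("vm-01", "alice", pw2)      # False: past its lifetime

    return first_use, replay, other_vm, expired


if __name__ == "__main__":
    print(demo())
```

The store deliberately consumes the credential on presentation rather than on success; in a real portal that choice trades a little user friction for not letting an attacker who saw the password prompt keep trying variations against the same entry.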

So, yes! Easy and straightforward single sign-on experience, with the added safety of one-time passwords, without giving up the familiar remote desktop tool you’ve been using all along. It’s possible, it’s Xiid.
