Boosting Remote Access Security: Public Preview of Remote Desktop Protocol Support for Duo Network Gateway
The Windows Remote Desktop Protocol (RDP) is often used for working remotely and providing IT support. Nearly 4.5 million RDP servers are exposed to the internet alone. The protocol is also, unfortunately, a common cyberattack vector. In 2020, attacks against Windows RDP grew by an incredible 768%! Additionally, the rapid shift to work from home resulted in thousands of RDP users and RDP-enabled machines connecting from outside the traditional network perimeter, thereby increasing the risk of cyber threats and data exposure.
As a result of the ever-growing threat that RDP presents, it becomes crucial to ensure secure connections to hosts that are being accessed via RDP. Strong multi-factor authentication (MFA) is a fantastic step forward with features like device posture assessments and access control. Given the threats surrounding a machine that is accessible via RDP through the internet, we can instead place those machines behind a front-end, such as the Duo Network Gateway (DNG), without foregoing the streamlined end user experience people have grown accustomed to.
End users do not have to launch a VPN client as the traditional extra step when gating access to RDP hosts. Instead, they simply launch their RDP client of choice and connect to the resources they require. During the initial connection to an RDP resource, the default Web browser launches to perform primary authentication against the organization’s SAML 2.0 Identity Provider and then MFA is performed with Duo. After this in-line authentication, the secure RDP connection is established, and the end user is ready to go.
Public Preview Available Now
Duo has been testing out RDP with Duo Network Gateway, and during the private preview we received positive feedback. One administrator stated that they “upgraded Duo Network Gateway and everything is working as expected. Client side is super easy.” We’re eager to hear your feedback to inform our next steps.
Today, we’re happy to share that RDP protocol support for Duo Network Gateway is in public preview for Duo Beyond customers. The DNG will allow users to securely and easily access on-premises applications and desktops via RDP, without requiring a VPN connection.
Adding RDP support to the Duo Network Gateway has been a highly requested capability among Duo customers, so we’re especially excited to bring this to the market. Better yet, we’ve developed an architecture for the Duo Network Gateway that allows for protecting RDP today and more Transmission Control Protocol (TCP) services over time. In the coming months, as we continue to learn from our customers about the applications that they are most interested in protecting with the Duo Network Gateway, we will support additional protocols.