RDP (Remote Desktop Protocol) misconfigurations are commonly identified by vulnerability scanners, most often consisting of:
- Network Level Authentication (NLA) Disabled
- Terminal Services Encryption Level is Medium or Low, or
- Terminal Services Encryption Level is not FIPS-140 Compliant
With NLA disabled, the host builds a full session and presents the logon screen before the client has authenticated, so any unauthenticated client on the network can reach it. Weaker cryptography on RDP could allow an attacker on the network path to eavesdrop on sessions or carry out a man-in-the-middle (MitM) attack, compromising the confidentiality and integrity of the system. In this post we address these issues to help you harden your Remote Desktop Services configuration.
To address these findings, open Group Policy Management on your domain controller (DC), create (or edit) a Group Policy Object (GPO) linked to the hosts in scope, and navigate to the following path:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Enable and configure the following three policies:
- Require user authentication for remote connections by using Network Level Authentication: Enabled
- Set client connection encryption level: Enabled, Encryption Level = High
- Require use of specific security layer for remote (RDP) connections: Enabled, Security Layer = SSL (the option is labelled TLS 1.0 or SSL (TLS 1.0) depending on the OS version)
Two caveats. Setting the encryption level to High clears the Medium or Low finding, but scanners that report the FIPS-140 finding expect the FIPS Compliant level (or the system-wide FIPS policy); choose FIPS Compliant instead of High if that finding must be cleared, after confirming your RDP clients support it. The TLS 1.0 in the security layer label is only the name of the SSL option: the TLS version actually negotiated is governed by the host's Schannel protocol settings, so disable TLS 1.0 and 1.1 there if the scanner also flags weak TLS versions.
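The same three settings, written from PowerShell and then audited on a target host, as an added example that is not part of the original post. It assumes the GroupPolicy module (RSAT, or run on a DC), WinRM for remote auditing, and a GPO named "RDP Hardening" that already exists and is linked; the GPO name, the function names and the mapping of the third finding to the FIPS Compliant level or system FIPS policy are assumptions, not the page's own.

```powershell
# Added example, not from the original post. Assumes the GroupPolicy module and an
# existing, linked GPO; "RDP Hardening" is a placeholder name.
$GpoName   = 'RDP Hardening'
$PolicyKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# The three Group Policy UI settings map to these registry values under the policy key:
#   UserAuthentication 1 = Require NLA
#   MinEncryptionLevel 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant
#   SecurityLayer      0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS)
function Set-RdpHardeningGpo {
    param(
        [string]$Name = $GpoName,
        [ValidateSet(3, 4)][int]$EncryptionLevel = 3   # 4 if the FIPS finding must be cleared
    )
    Import-Module GroupPolicy
    Set-GPRegistryValue -Name $Name -Key $PolicyKey -ValueName 'UserAuthentication' -Type DWord -Value 1 | Out-Null
    Set-GPRegistryValue -Name $Name -Key $PolicyKey -ValueName 'MinEncryptionLevel' -Type DWord -Value $EncryptionLevel | Out-Null
    Set-GPRegistryValue -Name $Name -Key $PolicyKey -ValueName 'SecurityLayer'      -Type DWord -Value 2 | Out-Null
}

# Read the effective RDP-Tcp listener configuration on a host after the policy has
# refreshed, and report which of the three scanner findings would still fire.
# Policy values override the listener's own values, so the policy key is read first.
function Test-RdpHardening {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $audit = {
        $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -ErrorAction SilentlyContinue
        $ws  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
        $fips = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' -ErrorAction SilentlyContinue).Enabled

        # Prefer the policy value when it is set, otherwise fall back to the listener value.
        function Pick($name) {
            if ($pol -and $null -ne $pol.$name) { [int]$pol.$name } else { [int]$ws.$name }
        }
        [pscustomobject]@{
            UserAuthentication = Pick 'UserAuthentication'
            MinEncryptionLevel = Pick 'MinEncryptionLevel'
            SecurityLayer      = Pick 'SecurityLayer'
            FipsPolicy         = [int]$fips
        }
    }

    $v = if ($ComputerName -eq $env:COMPUTERNAME) { & $audit }
         else { Invoke-Command -ComputerName $ComputerName -ScriptBlock $audit }

    [pscustomobject]@{
        Computer                 = $ComputerName
        NlaDisabled              = ($v.UserAuthentication -ne 1)
        EncryptionMediumOrLow    = ($v.MinEncryptionLevel -lt 3)
        # Assumption: the FIPS finding clears with level 4 or the system-wide FIPS policy.
        NotFipsCompliant         = ($v.MinEncryptionLevel -ne 4 -and $v.FipsPolicy -ne 1)
        SecurityLayerIsLegacyRdp = ($v.SecurityLayer -eq 0)
    }
}

# Usage: configure the GPO, then audit a host once it has picked up the policy.
Set-RdpHardeningGpo -EncryptionLevel 3
Test-RdpHardening -ComputerName 'RDS01' | Format-List
```

Any property of the audit output that is still True corresponds to a finding the scanner will keep reporting; re-run it with `-EncryptionLevel 4` if NotFipsCompliant does not clear.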
Finally, apply the policy to the domain's hosts by opening a PowerShell window and running the following command: