Protect Yourself from RDP Attacks – Stay One Step Ahead


The Ultimate Guide to Staying Safe and Secure on Windows

With over 1 billion devices running it worldwide, Windows is the most popular computer operating system on the planet. However, such ubiquity comes with intensified scrutiny from cybercriminals seeking to exploit Windows systems.

As Windows users ourselves, we feel a responsibility to empower our community with the knowledge needed to thwart attacks. By internalizing the insights in this comprehensive guide, you will gain the tools to fortify your Windows environment against intrusions and unauthorized access.

Employ Strong, Unique Passwords

While it may sound rudimentary, robust password hygiene remains one of the most vital defenses against cyberattacks. Follow these best practices:

  • Utilize passwords containing upper and lower-case letters, numbers, and symbols. The more complex, the better.
  • Avoid passwords associated with personal information like birthdates or names.
  • Never reuse passwords across multiple sites or accounts.
  • Change passwords frequently, at least every 90 days.
  • Use a password manager to generate and organize passwords.

With strong, unique passwords guarding access, the risk of brute force attacks diminishes substantially.

What is the Enhanced Mitigation Experience Toolkit (EMET)?

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities.

Does EMET support Exploit protection?

The mitigations available in EMET are included natively in Windows 10 (starting with version 1709), Windows 11, and Windows Server (starting with version 1803), under Exploit protection. The table in this section indicates the availability and support of native mitigations between EMET and exploit protection.

Enable Multi-Factor Authentication

Augment passwords with multi-factor authentication – requiring an additional step like an SMS code or biometric scan to log in. This extra layer of protection makes it exponentially harder for cybercriminals to access accounts, even if they manage to steal a password.

Enable multi-factor authentication on critical accounts like email, banking, and social media. For extra security, require multi-factor authentication to access Windows as well.

Keep Software Updated

One of the most common attack vectors exploits vulnerabilities in outdated software. Maintaining up-to-date operating systems, applications, browsers, plugins, and drivers is imperative.

Enable automatic updates wherever possible, and periodically check for new updates. Watch out for notifications of security patches and install them right away.

Updates not only squash bugs but also overhaul security features in the ongoing cyberwar. Running the latest software closes loopholes before they can be leveraged against you.

Use discretion when opening links and attachments from unknown or untrusted sources. Attackers commonly distribute malware by disguising it as innocuous documents or by compromising trusted sites.

How to turn off SMEP in Windows 8?

With the emergence of Intel’s “Supervisor Mode Execution Prevention” feature and its inclusion in Windows 8 as a default exploit mitigation, local kernel exploitation techniques had to be updated to keep pace. A well-known technique is turning off SMEP by ROPing to disable the 20th bit of the CR4 register.

How do I turn off Application Guard on Windows 10?

On client Windows 10 devices, the Application Guard feature is turned off by default. To enable it through the GUI:

  • Open the Control Panel, click Programs, and then click Turn Windows features on or off.
  • Restart the device.

Or enable it from an elevated PowerShell prompt and then restart the device:

  Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard

Hover over links to inspect their actual destination before clicking. Be wary of offers that seem too good to be true and avoid sites with typos or misspellings. Only provide sensitive info to legitimate, encrypted websites.

When unsure about a link or attachment, err on the side of caution. Reach out to the sender directly through a known channel to verify legitimacy.

Limit Admin Privileges

The admin account inherently possesses unlimited access to make changes across the system. Reduce exposure by reserving the admin account for when elevated permissions are absolutely necessary.

Instead, set up a standard user account for general activities like web browsing and checking email. Standard accounts operate with reduced system privileges, limiting the impact malware can inflict if compromised.

Backup Critical Data

While we hope you’ll never fall victim to ransomware or permanent data loss, it’s wise to prepare for worst-case scenarios. Develop a regimen of backing up important documents, photos, and other data regularly.

Store backups on an external device or cloud service disconnected from your main system, where they will remain intact should your primary computer get hit. That way, you can readily restore data if catastrophe strikes.

What happens if you overwrite a guard page in Windows 10?

If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is treated as memory corruption, and Windows 10 responds by instantly terminating the app.

What if SMEP = 1?

If SMEP = 1, software operating in supervisor mode cannot fetch instructions from linear addresses that are accessible in user mode; that is, user-mode pages are protected from supervisor-mode instruction fetches. If SMAP = 1, software operating in supervisor mode cannot access data at linear addresses that are accessible in user mode.

Utilize Security Software

Security software provides invaluable protection against viruses, malware, ransomware, and other cyberthreats. Solutions like Windows Defender Antivirus come integrated into Windows 10 for robust first-line defense.

You can bolster protection even further with a comprehensive internet security suite, providing tools like firewalls, parental controls, VPNs, and identity theft protection. Combine solutions for layered security capable of catching threats.

Avoid Suspicious Downloads

Exercise caution when downloading programs and files from the internet. Only install apps from trusted sources like the Microsoft Store. Beware of download sites that bundle additional software, such as browser toolbars, which may harbor adware.

Scan any downloaded files with your antivirus software. Avoid copyright-violating torrents and illegal software, which frequently distribute malware. Set your browser to block dangerous downloads automatically.

Monitor Network Traffic

Gain visibility into network activity via tools like Wireshark, scrutinizing for any suspicious connections. Watch for unusual spikes in traffic, frequent attempts to access blocked ports, and connections to risky IP addresses.

What is supervisor mode execution prevention (SMEP)?

Supervisor Mode Execution Prevention (SMEP): Helps prevent the kernel (the “supervisor”) from executing code in user pages, a common technique used by attackers for local kernel elevation of privilege (EOP). This configuration requires processor support found in Intel Ivy Bridge or later processors, or ARM with PXN support.

What is NTVDM & SMEP?

Enabling NTVDM decreases protection against null dereference and other exploits. Supervisor Mode Execution Prevention (SMEP), described in the previous section, helps prevent the kernel (the “supervisor”) from executing code in user pages, a common technique used by attackers for local kernel elevation of privilege (EoP).

Is Windows 10 suffering from a serious security flaw?

It has recently emerged that Windows 10 is suffering from a very serious security flaw that’s preventing the Windows Sandbox and Windows Defender Application Guard (WDAG) from opening – which is leaving some PCs vulnerable to attack.

How do I generate Emet mitigation policies for Windows 10?

One of EMET’s strengths is that it allows you to import and export configuration settings for EMET mitigations as an XML settings file for straightforward deployment. To generate mitigation policies for Windows 10 from an EMET XML settings file, you can install the ProcessMitigations PowerShell module.

Dig deeper into dubious traffic to determine if it’s indicative of some type of attack or network infiltration attempt. Knowing your typical traffic patterns makes anomalies stand out.

Suggested Topics

We hope these tips empower you to lock down Windows and stop cybercriminals in their tracks. Looking for more guidance securing your digital life? Some related articles we think you’d benefit from:

  • How to Remove Malware from Your Windows PC
  • Securing Your Home Wireless Network
  • Protecting Your Kids Online
  • Password Manager Showdown

Let us know if you have any other Windows security topics you’d like us to cover in the comments below! We aim to provide the most useful information to help our community stay safe in an increasingly dangerous digital world.


How do I configure a system-wide mitigation policy?

The policy for system-wide mitigations can be viewed and configured with EMET’s graphical user interface. There is no need to locate and decipher registry keys or run platform-dependent utilities. With EMET you can adjust settings through a single, consistent interface regardless of the underlying platform.
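As an added example (not from the original article and not Microsoft’s own documentation), the following PowerShell script performs the EMET-to-Exploit-protection conversion described earlier with the ProcessMitigations module, applies the result, and then reads back the system-wide and per-application settings, which is the Windows 10 counterpart to the system-wide policy view EMET’s GUI provided. It assumes an EMET export at .\emet-policy.xml, writes the converted policy to .\exploit-protection.xml, and runs from an elevated prompt on Windows 10 1709 or later.

```powershell
# Added example, not the article's or Microsoft's code.
# Assumed paths: an existing EMET XML export and the converted output file.
$emetExport   = ".\emet-policy.xml"          # assumption: exported from the EMET GUI
$convertedXml = ".\exploit-protection.xml"   # assumption: where the converted policy goes

# The ProcessMitigations module ships with Windows 10 1709+ / Server 1803+.
if (-not (Get-Module -ListAvailable -Name ProcessMitigations)) {
    throw "ProcessMitigations module not found; this build predates Exploit protection."
}
Import-Module ProcessMitigations

if (-not (Test-Path -Path $emetExport)) {
    throw "EMET export '$emetExport' not found."
}

# 1. Translate the EMET settings into the Exploit protection XML schema.
ConvertTo-ProcessMitigationPolicy -EMETFilePath $emetExport -OutputFilePath $convertedXml

# 2. Apply the converted policy (per-process entries and any system defaults it carries).
Set-ProcessMitigation -PolicyFilePath $convertedXml

# 3. Verify the system-wide defaults that are now in effect.
Write-Host "=== System-wide mitigations ==="
Get-ProcessMitigation -System

# 4. Verify each application the converted policy names.
#    The converted file lists applications as <AppConfig Executable="..."> elements.
[xml]$policy = Get-Content -Path $convertedXml -Raw
foreach ($app in $policy.MitigationPolicy.AppConfig) {
    Write-Host "=== $($app.Executable) ==="
    Get-ProcessMitigation -Name $app.Executable
}
```

Keep the converted XML under change control; the same file can later be applied to other machines with Set-ProcessMitigation -PolicyFilePath.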
