hiltmet.blogg.se

Duo rdp client for windows






If your MFA solution requires you to disable NLA, you're opening yourself up to a much bigger world of hurt - all major vulns in 2019 were mitigated by having NLA on, so you wouldn't have been affected by them - and the same is true for many other years as well.

Please note - Turning on NLA "Network Level Authentication" - neuters/mitigates almost every major RDP vulnerability that's come out for a VERY long time.

I seriously don't understand the downvotes for pointing out that turning off NLA means you're directly exposing a larger attack surface and that keeping it turned on has mitigated most of the direct RDP vulnerabilities on hosts entirely (requiring authentication before being exploitable).

Please, read all the CVEs for RDS hosts/RDP itself explicitly - the mitigation is almost always "Have NLA turned on". You've taken your attack surface from near-SSH like levels (you have to authenticate *first* before RDP is exposed to you to attack) to "hey, anyone can run an exploit! FULL EVERYTHING EXPOSED YAAAY"

EDIT: Yes, I'm aware of the RDS gateway bug, but that was specifically in RDS Gateway - keeping NLA on individual hosts will still protect you from any internal worms/exploits.


If your MFA solution requires you to disable NLA - ditch it.


Please note that turning on NLA neuters/mitigates almost all RDP-based exploits (seriously, read the patch notes - stops every major RCE in its tracks) and, while yes, RDP, SSH, and other management interfaces should never be exposed, they should be protected just as well internally.






