remote desktop protocol (RDP)

What is remote desktop protocol (RDP)?

Remote desktop protocol (RDP) is a secure network communications protocol developed by Microsoft. It enables network administrators to remotely diagnose problems that individual users encounter and gives users remote access to their physical work desktop computers.

Example uses of RDP include employees who are working from home or travelling and need access to their work computers as well as admins who are providing system maintenance.

To use a remote desktop session, a user or admin must employ RDP client software to connect to the remote Windows PC or server, which must be running RDP server software. A graphical user interface enables the remote user or admin to open applications and edit files just as if they were sitting in front of their desktop.

RDP clients are available for most versions of Windows as well as for macOS, Linux, Unix, Android and iOS. An open source version is also available. RDP is an extension of the International Telecommunication Union-Telecommunication (ITU-T) T.128 application sharing protocol.

Features and functions of RDP

RDP is a secure, interoperable protocol that creates secure connections between clients, servers and virtual machines. RDP works across different Windows OSes and devices and provides strong physical security through remote data storage.

Noteworthy properties of RDP include the following:

  • smart card authentication;
  • bandwidth reduction;
  • the ability to use multiple displays;
  • the ability to disconnect temporarily without logging off;
  • RemoteFX virtualized GPU (graphics processing unit) support;
  • 128-bit encryption for mouse and keyboard data using RC4 encryption;
  • the ability to direct audio from a remote desktop to the user's computer;
  • the ability to redirect local files to a remote desktop;
  • the use of local printers in remote desktop sessions;
  • access to local ports for applications in the remote desktop session;
  • a shared clipboard between local and remote computers;
  • the ability to run remote desktop applications on a local computer;
  • support for Transport Layer Security;
  • improvements to RemoteApp;
  • support for faster connections; and
  • support for session shadowing.

RDP can support up to 64,000 independent channels for data transmission. Data can be encrypted using 128-bit keys. The bandwidth reduction feature optimizes the data transfer rate in low-speed connections.

How does remote desktop protocol work?

The RDP protocol provides remote access through a dedicated network channel. An RDP-enabled application or service packages the data that is to be transmitted and the Microsoft Communications Service directs the data to an RDP channel. From there, the OS encrypts the RDP data and adds it to a frame so that it can be transmitted.

The Terminal Server Device Redirector Driver handles all RDP protocol activity. This kernel driver is made up of subcomponents such as the RDP driver, which handles user interfaces, transfers, encryption, compression and framing. The transport driver is responsible for packaging the protocol so it can be sent across a TCP/IP network.

[Figure: 7 ways admins can protect RDP users. Understanding the weaknesses in Remote Desktop Protocol can help admins protect users.]

RDP security concerns

When running RDP, it is important to follow RDP best practices, such as not using open RDP connections over the internet or giving anyone direct access to an RDP server. Other precautions include using defense-in-depth, which uses multiple layers of security, and the principle of least privilege, which limits user access to only the systems absolutely needed.

The BlueKeep security flaw affected users of earlier versions of Windows by allowing malicious programs to be installed and data to be changed. First discovered in May 2019, the vulnerability affected Windows 7, Windows XP, Windows 2000, Windows Server 2003 and Windows Server 2008. Historically, RDP has been susceptible to pass-the-hash attacks and computer worms. Though less effective, brute-force attacks have been used to gain access to past and present versions of RDP.

Microsoft provided security patches for those earlier Windows versions, and newer versions of RDP are far more secure. More recent Windows OSes contain a mechanism for specifying which users are allowed to access the system through an RDP session. There is also an option to prevent anyone from remotely accessing the system unless they are using network-level authentication.
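
Whether a session uses the older RC4-based security, Transport Layer Security or network-level authentication (NLA) is decided in the first reply an RDP server sends. The Python parser below is an added example, not code from the original page; it classifies that reply so an admin can confirm from a packet capture that NLA is in use. The wire layout and constant names come from Microsoft's MS-RDPBCGR specification rather than from this page, and the sample bytes are constructed.

```python
import struct

# Values below come from Microsoft's MS-RDPBCGR specification, not from this page.
PROTOCOLS = {0: "PROTOCOL_RDP",        # standard RDP security (RC4), no TLS
             1: "PROTOCOL_SSL",        # TLS, no network-level authentication
             2: "PROTOCOL_HYBRID",     # TLS + CredSSP, i.e. NLA
             4: "PROTOCOL_RDSTLS",
             8: "PROTOCOL_HYBRID_EX"}  # NLA with early user authorization
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def classify_negotiation(pdu: bytes) -> dict:
    """Report which security protocol a server's X.224 Connection Confirm selected.

    'nla' is True when the session will use NLA, or when the server refused
    the client because the client did not offer NLA.
    """
    if len(pdu) < 11 or pdu[0] != 0x03:
        raise ValueError("not a TPKT-framed X.224 PDU")
    if struct.unpack(">H", pdu[2:4])[0] != len(pdu):
        raise ValueError("TPKT length does not match the captured bytes")
    if pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:]                       # skip TPKT (4) + X.224 header (7)
    if not neg:                          # no negotiation block: legacy security only
        return {"protocol": "PROTOCOL_RDP", "failure": None, "nla": False}
    if len(neg) != 8:
        raise ValueError("unexpected negotiation block size")
    kind, _flags, length, value = struct.unpack("<BBHI", neg)
    if length != 8:
        raise ValueError("negotiation block declares a wrong length")
    if kind == 0x02:                     # RDP_NEG_RSP: server picked a protocol
        return {"protocol": PROTOCOLS.get(value, f"unknown(0x{value:x})"),
                "failure": None, "nla": value in (2, 8)}
    if kind == 0x03:                     # RDP_NEG_FAILURE: server refused the offer
        return {"protocol": None,
                "failure": FAILURES.get(value, f"unknown(0x{value:x})"),
                "nla": value == 5}
    raise ValueError("unknown negotiation structure type")

# Constructed sample replies (not captured from any real host).
_HDR = "030000130ed00000123400"
SAMPLE_NLA = bytes.fromhex(_HDR + "0200080002000000")      # NLA selected
SAMPLE_LEGACY = bytes.fromhex(_HDR + "0200080000000000")   # RC4-based security
SAMPLE_REFUSED = bytes.fromhex(_HDR + "0300080005000000")  # server demands NLA
SAMPLE_NO_BLOCK = bytes.fromhex("0300000b06d00000123400")  # no negotiation data

if __name__ == "__main__":
    for pdu in (SAMPLE_NLA, SAMPLE_LEGACY, SAMPLE_REFUSED, SAMPLE_NO_BLOCK):
        print(classify_negotiation(pdu))
```

A reply classified as PROTOCOL_RDP or PROTOCOL_SSL means the host accepted a connection without NLA and is a candidate for the network-level authentication option described above.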

Pros and cons of using RDP

Remote desktop protocol has several advantages and disadvantages associated with its use.

Advantages of using RDP include:

  • Data can be secured on devices, as opposed to using cloud servers or other devices that may be less secure.
  • It does not require the use of a virtual private network.
  • It enables employees at companies with legacy on-premises IT infrastructure to work remotely.

Disadvantages of using RDP include:

  • Potential latency issues for remote employees if they have a slow internet connection.
  • Security vulnerabilities, such as susceptibility to pass-the-hash attacks and computer worms, make it less than ideal for sustained use over time.

Overall, RDP can be a useful tool for administering remote work management and access, especially for companies using an on-premises IT infrastructure.

There are numerous security threats associated with RDP, including computer worms and ransomware attacks.

This was last updated in June 2021
