Remote Desktop Protocol (RDP): 3389

Security Weaknesses

  • Vulnerable to brute force attacks on login credentials.

  • RDP hijacking through exploitation of unpatched systems.

  • Risk of unauthorized access due to misconfigurations.

Security Defense and Mitigation Measures

  • Enforce multi-factor authentication (MFA) for RDP access.

  • Restrict RDP access to specific IP addresses via a firewall.

  • Regularly update RDP servers and disable unused accounts.

Indicators of Compromise or Attack

  • Multiple failed login attempts on port 3389 (TCP).

  • Unauthorized RDP sessions from unexpected IPs.

  • Abnormal system changes or file access during RDP sessions.
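
The first two indicators above can be expressed as detection logic. The following is an added example, not part of the original page. It assumes Windows Security events 4625 (failed logon) and 4624 (successful logon) exported as tuples; the allowlist, threshold, window and sample records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values (not from the page); tune them to the environment.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # mirrors the firewall allowlist
FAIL_THRESHOLD = 5                 # failed logons from one source ...
WINDOW = timedelta(minutes=10)     # ... within this sliding window
RDP_LOGON_TYPES = {3, 10}          # 10 = RemoteInteractive, 3 = Network (seen with NLA)

# Constructed sample records shaped like exported Security log events:
# (TimeCreated, EventID, LogonType, TargetUserName, IpAddress)
SAMPLE_EVENTS = [(f"2024-05-01 02:1{i}:00", 4625, 3, "administrator", "203.0.113.50")
                 for i in range(6)] + [
    ("2024-05-01 02:17:30", 4624, 10, "administrator", "203.0.113.50"),
    ("2024-05-01 08:00:00", 4625, 10, "jsmith", "10.20.0.15"),
    ("2024-05-01 08:00:20", 4625, 10, "jsmith", "10.20.0.15"),
    ("2024-05-01 08:00:45", 4624, 10, "jsmith", "10.20.0.15"),
    ("2024-05-01 08:05:00", 4624, 2, "jsmith", "-"),  # console logon, ignored
]

def is_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparseable source is treated as unexpected
    return any(addr in net for net in ALLOWED_NETS)

def analyze(events):
    """Return (sources over the failure threshold, RDP sessions from unexpected IPs)."""
    failures = defaultdict(list)
    brute, unexpected = set(), []
    for when, event_id, logon_type, user, ip in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # console and service logons are out of scope
        t = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
        if event_id == 4625:
            recent = [x for x in failures[ip] if t - x <= WINDOW] + [t]
            failures[ip] = recent  # keep only failures inside the window
            if len(recent) >= FAIL_THRESHOLD:
                brute.add(ip)
        elif event_id == 4624 and logon_type == 10 and not is_allowed(ip):
            unexpected.append((when, user, ip))
    return sorted(brute), unexpected

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

A source that appears in both results, as 203.0.113.50 does in the sample, had a successful session after repeated failures and should be triaged first.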
