Remote Desktop Protocol (RDP) is a great tool for SysAdmins to quickly hop in and out of servers as they need to do their day-to-day tasks. But just like any tool it can be used as a weapon. If a threat actor gains access to an admin’s credentials, RDP can be used to traverse into additional servers.
Duo Multi-Factor Authentication (MFA) is a great solution for introducing a second or third required level of authentication prior to providing access. Many people are familiar with MFA solutions when accessing company networks or data from an external location.
RDP with Duo
The news here is that Duo MFA can be integrated with RDP to force a successful Duo MFA authentication prior to accessing internal Windows machines.
Duo’s documentation for the solution is rather robust, so I won’t go thru any entire setup of the application, but I will provide screenshots of what a successful implementation looks like.
Security Services | IT Infrastructure Services | Duo for RDP Delay During Logon