
Demystifying RDP part 2: Accessing and visualizing RDP environments

Understanding what your RDP environment will look like and how to access it is the next step in the process. Need a recap? Check out our previous blog post on understanding RDP, RDS, and VDI.

Remote Desktop vs. RemoteApp 


Parallels Secure Workspace with a mix of RemoteApp and Remote Desktop-based services, including:

  1. BOB50 deployed as a RemoteApp.
  2. Windows 10 deployed with BOB50 installed as a local app.

Opening a published RemoteApp application in Parallels Secure Workspace.


Opening the same application in a published Remote Desktop in Parallels Secure Workspace.

How do end users access their VDI or RDS environment?

Windows RDC

Example: Connecting to RDP on a Windows 10 device.

From the client side, using an RDP client is the most used access method by far.

Microsoft ships this client on Windows (Remote Desktop Connection, mstsc.exe), and clients are available for other platforms such as Linux and macOS. The client needs to be installed on the end user’s device.

For most end users, the initial setup and connection will require help from the IT department. Furthermore, exposing the RDP listener (TCP 3389) to untrusted networks requires additional security measures, such as Network Level Authentication, multi-factor authentication and a gateway in front of the hosts, as discussed in this article about the WannaCry ransomware attacks.
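Whether a host insists on Network Level Authentication is decided in the very first packets of an RDP connection, before any credential is sent, so it can be checked without logging in. The script below is an added example, not code from the original post or from Parallels: it builds the client's X.224 Connection Request with an RDP_NEG_REQ asking for the legacy "standard RDP security" only, then decodes the server's Connection Confirm. The byte layouts follow the public MS-RDPBCGR specification; the four server answers at the bottom are constructed for the demonstration, not captured from a real host, and the hostname in the usage note is a placeholder.

```python
"""Check what security an RDP listener is willing to negotiate, before any
credential is sent. Added example (not the post's or Parallels' code); layouts
per MS-RDPBCGR (TPKT, X.224, RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE).
The server answers at the bottom are constructed, not captured."""
import socket
import struct

# requestedProtocols / selectedProtocol flags
PROTOCOL_RDP = 0x00000000      # legacy "standard RDP security": no TLS, no NLA
PROTOCOL_SSL = 0x00000001      # TLS only; the user still types credentials into the session
PROTOCOL_HYBRID = 0x00000002   # CredSSP, i.e. Network Level Authentication (NLA)

TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

FAILURE_CODES = {
    0x01: "SSL_REQUIRED_BY_SERVER",
    0x02: "SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "SSL_CERT_NOT_ON_SERVER",
    0x04: "INCONSISTENT_FLAGS",
    0x05: "HYBRID_REQUIRED_BY_SERVER",
    0x06: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols: int) -> bytes:
    """TPKT header + X.224 Connection Request carrying an RDP_NEG_REQ."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR: code 0xE0, DST-REF, SRC-REF, class option, then the negotiation request
    x224 = b"\xe0\x00\x00\x00\x00\x00" + neg_req
    x224 = bytes([len(x224)]) + x224              # length indicator excludes itself
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data: bytes) -> dict:
    """Decode the server's X.224 Connection Confirm, with or without RDP_NEG_*."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len != len(data):
        raise ValueError("TPKT length does not match payload")
    li = data[4]
    x224 = data[5:5 + li]
    if len(x224) != li or (x224[0] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = x224[6:]                                # after CC code, DST-REF, SRC-REF, class
    if not neg:
        # Servers predating the negotiation answer with a bare CC: standard RDP security.
        return {"negotiated": False, "selected": PROTOCOL_RDP, "failure": None}
    ntype, _flags, length = struct.unpack("<BBH", neg[:4])
    if length != 8 or len(neg) < 8:
        raise ValueError("malformed RDP negotiation structure")
    (value,) = struct.unpack("<I", neg[4:8])
    if ntype == TYPE_RDP_NEG_RSP:
        return {"negotiated": True, "selected": value, "failure": None}
    if ntype == TYPE_RDP_NEG_FAILURE:
        return {"negotiated": True, "selected": None,
                "failure": FAILURE_CODES.get(value, f"UNKNOWN_{value:#x}")}
    raise ValueError(f"unexpected negotiation structure type {ntype:#x}")


def classify(confirm: dict) -> str:
    """Verdict for a probe that asked for PROTOCOL_RDP only (requestedProtocols = 0)."""
    if confirm["failure"] == "HYBRID_REQUIRED_BY_SERVER":
        return "nla-required"
    if confirm["failure"] == "SSL_REQUIRED_BY_SERVER":
        return "tls-required"                     # encrypted, but NLA is not enforced
    if confirm["failure"] is not None:
        return "negotiation-failed:" + confirm["failure"]
    if confirm["selected"] == PROTOCOL_RDP:
        return "standard-rdp-security-accepted"   # worst case: fix before exposing the host
    return "other"


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> str:
    """Live version of the check (needs network access; not exercised offline)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(PROTOCOL_RDP))
        head = s.recv(4)
        (total,) = struct.unpack(">H", head[2:4])
        body = b""
        while len(body) < total - 4:
            chunk = s.recv(total - 4 - len(body))
            if not chunk:
                break
            body += chunk
    return classify(parse_connection_confirm(head + body))


# Constructed answers (not captured from a real host) to a PROTOCOL_RDP-only request.
ANSWER_NLA_REQUIRED = bytes.fromhex("03000013" "0e" "d00000123400" "03000800" "05000000")
ANSWER_TLS_REQUIRED = bytes.fromhex("03000013" "0e" "d00000123400" "03000800" "01000000")
ANSWER_LEGACY_RDP = bytes.fromhex("03000013" "0e" "d00000123400" "02000800" "00000000")
ANSWER_BARE_CC = bytes.fromhex("0300000b" "06" "d00000123400")

if __name__ == "__main__":
    for name, answer in [("NLA required", ANSWER_NLA_REQUIRED), ("TLS required", ANSWER_TLS_REQUIRED),
                         ("legacy RDP", ANSWER_LEGACY_RDP), ("bare CC", ANSWER_BARE_CC)]:
        print(f"{name:13s} -> {classify(parse_connection_confirm(answer))}")
```

Run `probe("rdp-host.example")` (placeholder name) only against hosts you are authorized to test. A `standard-rdp-security-accepted` verdict means the listener still accepts the legacy security layer and will happily create a session before authenticating anyone; `tls-required` is better but still lets an attacker reach the logon screen; only `nla-required` forces CredSSP authentication before a session exists.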


In the past few years, access to virtual apps and desktops via HTML5 without needing dedicated client software has become increasingly popular.

In this case, the browser becomes a very efficient client.

Because nearly all devices are equipped with browsers these days, browser-based access doesn’t require the installation or management of additional software.

Recent versions of RDS also ship the Remote Desktop Web Client, an HTML5 client served by the RD Web Access role. It requires Windows Server 2016 or later, so it is not available on older versions. Read more on HTML5 as the client of the future in this blog post.

Since the beginning, Parallels Secure Workspace has been based on using the browser as the sole client, delivering RDP in HTML5 via the proprietary Parallels Secure Workspace HTML5 Gateway.


The typical components of an RDP deployment

Until Windows Server 2019 was released, Remote Desktop Protocol was closely tied to the version of Windows Server used. For example, this meant if your applications were running on Windows Server 2008, you would be bound to the capabilities (and limitations) of this version of RDP.

RDS itself is the combination of several components or roles, and not all roles are required in every situation. In some cases, the components or roles involved will require additional infrastructure to be made available.

However, for a simple VDI connection (without RDS), you don’t need all these roles. Here is the overview:

1. Remote Desktop Session Host (RDSH)

RDSH enables a server to host both RemoteApp programs and session-based desktops (Remote Desktop). Users can connect to the RD Session Host servers in a session collection to run programs, save files, and use resources on those servers.

Users can access the Remote Desktop Session Host server by using the Remote Desktop Connection client or by using RemoteApp programs. Note: for VDI, you don’t require RDSH.

2. Remote Desktop Virtualization Host (RDVH)

RDVH enables users to connect to virtual desktops (VDI) by using RemoteApp and Desktop Connection. It cuts costs by enabling the management of desktops from one place and reduces the need for advanced client hardware. Users can access their desktops from anywhere, enabling remote work and increasing flexibility. RDVH also simplifies data backups and disaster recovery.

3. Remote Desktop Connection Broker

This functionality allows users to reconnect to their existing virtual desktop, RemoteApp programs, and session-based desktops. It enables even load distribution across RD Session Host servers in a session collection or across pooled virtual desktops in a pooled virtual desktop collection. It also provides access to virtual desktops in a virtual desktop collection. The Connection Broker is not required for very simple deployments.

4. Remote Desktop Gateway

A capability that enables authorized users to connect to virtual desktops, RemoteApp programs, and session-based desktops over a private network or the Internet. RD Gateway tunnels the RDP traffic over HTTPS (TCP 443) and applies connection and resource authorization policies (RD CAPs and RD RAPs), so it is the component that gives controlled access from a public network into a private network, more specifically to the session hosts, brokers, and VDIs, without exposing TCP 3389 directly.

5. Remote Desktop Web Access

Remote Desktop Web Access enables users to access RemoteApp and Desktop Connection through the Start Menu or through a web browser. RemoteApp and Desktop Connection provide users with customized views of RemoteApp programs, session-based desktops, and virtual desktops.

For web browser-based access, you can picture a webpage that displays published applications and desktops. When the user clicks to open, it will traditionally trigger the locally installed RDP client to launch and connect.

6. Remote Desktop Licensing

Remote Desktop Licensing enables a server to manage the RDS client access licenses (RDS CALs) that are required for each device or user to connect to a Remote Desktop Session Host server. RDS CALs are managed using the Remote Desktop Licensing Manager application.

See how Parallels Secure Workspace adds layers of value and security on top of RDP

Parallels Secure Workspace is a unified workspace and a workspace aggregator. It offers HTML5 browser-based access to Windows applications and desktops, Linux-based desktops, web and intranet applications, SaaS applications, and files.

For Windows-based applications and desktops that are deployed in server-based computing, Parallels Secure Workspace serves as a layer on top of RDP, adding security and value on top of the RDP foundation.

Aggregate access

Parallels Secure Workspace doesn’t just provide access to Windows applications and desktops, but also to files, intranets, web applications, SaaS, Linux desktops and apps, and more.

Enhanced security

RDP exposed directly to a network is a frequent target of credential brute-forcing and exploit attempts. PSW reduces that exposure: multi-factor authentication, TLS (SSL) encryption, and usage auditing are built in.

Rich HTML5 experience

Parallels Secure Workspace has perfected HTML5 access over the years with useful additions such as a virtual printer, support for function keys, and in-app downloading.

Open API and multi-tenant

In contrast to RDP, Parallels Secure Workspace is multi-tenant and fully Open API-based, making it well suited for ISVs, MSPs, and CSPs.

Collaboration functionalities are baked-in

With Parallels Secure Workspace, you can share access to application sessions and share documents of any size in a secure and controlled manner.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Parallels 
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.

NordVPN accelerated login user flow by 60% with Baseline Profiles

NordVPN is a virtual private network (VPN) app that protects users while they’re browsing the web by providing them a more secure and private connection. As a network utility, NordVPN’s users deserve a responsive UI, allowing them to set up their protections at a moment’s notice. That’s why NordVPN developers recently integrated Baseline Profiles, a profile-guided optimization that helps Android developers improve an app’s startup and runtime performance using ahead-of-time compilation.

First published by Ben Weiss on the Android Developers Blog

Improving performance with Baseline profiles

As part of its product roadmap for 2023, the NordVPN team wanted to boost the application’s performance. Before implementing Baseline Profiles, NordVPN’s startup times on Android devices didn’t meet the team’s standards, prompting them to examine new ways to make the app run better.

After exploring ways to improve its runtime performance and streamline the login process for users, NordVPN developers identified an opportunity to make the app faster using Baseline Profiles. Baseline Profiles lets the Android Runtime (ART) know which code paths to optimize through Ahead-of-Time (AOT) compilation before an app launches, boosting speed, stability, and overall responsiveness during startup, when navigating through the app, and while viewing content.

“App speed and stability are essential for a better user experience, so we’re always looking for new ways to improve NordVPN’s performance,” said Himanshu Singh, senior Android engineer at NordVPN. “We wanted to speed up the app’s load time and make launch and navigation faster than ever.”

By applying Baseline Profiles, NordVPN improved its launch speed by an average of 24%. Using tools like Android Vitals, the NordVPN team measured that it had reduced the application’s cold start time from 4.3 seconds to 3.2 seconds, the warm start time from 2.7 seconds to 1.8 seconds, and the hot start time from 1 second to 0.7 seconds.

After implementation, NordVPN developers also noticed that Baseline Profiles made it faster for users to log in to the app, improving the user login flow. The login flow is measured from the moment a user starts the app to the moment the user is logged in. Using the Macrobenchmark library to monitor the improvements, the team observed that the NordVPN app runs its login flow 60% faster than before.

Integrating and testing Baseline Profiles is easy

The ease of implementing Baseline Profiles impressed NordVPN developers. The available resources, in-depth documentation, and codelabs from Android allowed them to enhance the app’s UX without having to write an extensive amount of code themselves.

Using the Macrobenchmark library, NordVPN developers quickly generated Baseline Profiles for the application. To do this, they used a Gradle managed device, which enabled them to create new profiles without a physical device. Using a Gradle Managed Device also allowed NordVPN developers to create fresh profiles for each app release build on their Continuous Integration platform. Looking forward, NordVPN developers plan to migrate Baseline Profile generation to the official Gradle plugin, which will further automate profile generation.

NordVPN developers combined development workflows to create an integration pipeline, allowing them to test the app under various conditions. Then, the Macrobenchmark library ran Baseline generation tests, pushing the latest Baseline Profiles into the code base.

A quick boost to app quality

After integrating Baseline Profiles into NordVPN’s code, its developers saw immediate speed improvements. The engineering team assessed the app’s overall speed after finishing the project and found that, beyond improving the app’s launch times, applying Baseline Profiles led to a 29% improvement to overall in-app speed.

“We’re constantly working to improve app quality, and Baseline Profiles integration has proven to be one of the most successful steps we’ve taken,” said Šarūnas Rimša, product owner at NordVPN. “We’re helping users access the services they’re entitled to faster. What’s not to like?”

Get started

Learn how you can improve your app’s performance using Baseline Profiles.


About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.


How to make a difference on Data Privacy Day

In the spirit of New Year’s resolutions, one commitment is gaining attention: data privacy.

Every January 28, we observe Data Privacy Day. First observed in 2007, it highlights the need to protect personal information.

As we step into 2024, Data Privacy Day is as relevant as ever: current trends point to a growing number of cyber threats this year, so data privacy is a hot topic.

Is Data Privacy Day significant?

Data Privacy Day may not be as famous as Thanksgiving, yet it’s crucial. It focuses on the escalating and valid concerns over personal data security.

Data breaches are on the rise. Statistics for 2022 and 2023 reveal that 98% of organizations are linked to a vendor that suffered a data breach in the past two years. Also, in the first three quarters of 2023, one in four Americans had their health data exposed. So, discussing cyber safety is quite important, as education often plays a crucial role in preventing data breaches.


This day reminds us all, whether individuals or businesses, that we have to protect data. It’s about more than awareness; it’s about fostering better practices, vital in an age where anyone can fall victim to social engineering.

The origins of Data Privacy Day

On April 26, 2006, the Council of Europe established Data Protection Day to be celebrated annually on January 28. This date marks the opening for signature of the Council of Europe’s data protection convention, known as “Convention 108.” The day was set to encourage best practices in privacy and data protection.

Data Privacy Day’s impact is global, extending well beyond Europe. It unites governments, industry leaders, and privacy advocates.

Fundamental principles of privacy and data protection

The General Data Protection Regulation (GDPR), a significant regulatory framework established by the European Union, outlines several of these principles.

As GDPR is among the strictest privacy frameworks in the world, let’s look at them to understand what we should aim for:

  1. Lawfulness, fairness, and transparency. That’s how personal data must be processed.

  2. Purpose limitation. Data should be collected for explicit purposes and not then processed in another manner.

  3. Data minimization. Only data that is necessary for the purpose should be collected.

  4. Accuracy. Personal data should be accurate and kept up to date.

  5. Storage limitation. Personal data should be kept in a form that allows the identification of data subjects for no longer than necessary.

  6. Integrity and confidentiality. Data should be processed in a way that ensures security.

  7. Accountability. The data controller is responsible for and must be able to demonstrate compliance.

Even though GDPR is European, it’s relevant for US companies, too. If they offer goods or services to people in the EU or track their internet activities, they need to follow these rules. The fines for not doing so can be steep. We’ve got a handy GDPR compliance checklist for businesses curious about this.

10 best practices for ensuring data privacy

As Apple stated in one of their latest reports, “Organizations are only as secure as their ‘least secure link.'” Ensure your business’s safety and also request that your vendors follow some simple tips.

  1. One fundamental practice is understanding and classifying the data one handles. This involves identifying which data is sensitive and requires more protection.

  2. Regularly updating privacy policies and ensuring they are transparent and easy to understand is also crucial. This helps individuals know how their data is used and protected.

  3. Strong, unique passwords are essential for securing accounts.

  4. Two-factor authentication adds an extra layer of security, which is essential for sensitive accounts.

  5. Regular software updates are also crucial. They often include security patches that protect against new vulnerabilities.

  6. Organizations should conduct regular data audits. These audits help identify and address potential security gaps.

  7. Employee training in data privacy is equally important. It ensures that everyone understands how to handle sensitive information correctly.

  8. Encouraging a culture of privacy within an organization is also beneficial. This creates an environment where data protection is a shared responsibility.

  9. Finally, it’s essential to have a response plan for data breaches. This plan should include steps to mitigate damage and notify affected parties.

  10. Regular backups of essential data can prevent loss in a security breach.

How to participate in Data Privacy Day effectively

While a social media post with #DataPrivacyDay is a good start, 2024’s rising cyber threats call for more practical actions.

Here’s a simplified take on White & Case’s tips:

  1. Data mapping. Sort out the data you have (like customer details) to ensure it’s handled correctly under the privacy laws of your region.

  2. Privacy policy review. Regularly update your website’s privacy policy. It should clearly state how you use customer information, keeping up with current laws.

  3. Adapt to new opt-out laws. In states like Utah, Florida, Oregon, Texas, and Montana, new laws in 2024 may require websites to honor user preferences about data usage. Make sure your site can do this if it’s relevant to you.

  4. Data protection assessment. It’s like a health check for your data practices. Ensure your methods of handling sensitive information, like customer financial data, meet the latest legal standards.

  5. AI tools review. If you use AI, treat it like a responsible employee. Check that it follows privacy rules and is transparent about data use. Include checks for fairness and safety in how the AI operates.

Now is the right time if you still need to introduce NordLayer solutions to protect your business. Contact our sales and choose the best option for your business.



ESET Research discovers new China-aligned APT group Blackwood that uses advanced implant to attack within China, Japan, and the UK

  • ESET Research has discovered the NSPX30 implant being deployed via the update mechanisms of legitimate software, such as Tencent QQ, WPS Office, and Sogou Pinyin, and attributes this activity to a new China-aligned APT group ESET named Blackwood. 
  • ESET has detected the implant in targeted attacks against both Chinese and Japanese companies as well as against individuals located in China, Japan, and the United Kingdom. The aim of the attack is cyberespionage.
  • The implant was designed around the attackers’ capability to conduct packet interception, enabling NSPX30 operators to hide their infrastructure.

BRATISLAVA, MONTREAL — January 24, 2024 — ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, named Blackwood by ESET. Blackwood leverages adversary-in-the-middle techniques to hijack update requests from legitimate software to deliver the implant. It has carried out cyberespionage operations against individuals and companies from China, Japan, and the United Kingdom. ESET mapped the evolution of NSPX30 back to an earlier ancestor – a simple backdoor we have named Project Wood. The oldest sample found was compiled in 2005.

ESET Research named Blackwood and the backdoor Project Wood based on a recurring theme in a mutex name. A mutex, or mutual exclusion, is a synchronization tool used to control access to a shared resource. The Project Wood implant from 2005 appears to be the work of developers with experience in malware development, given the techniques implemented. ESET believes that the China-aligned threat actor we have named Blackwood has been operating since at least 2018. In 2020, ESET detected a surge of malicious activity on a targeted system located in China. The machine had become what is commonly referred to as a “threat magnet,” as ESET Research detected attempts by attackers to use malware toolkits associated with multiple APT groups.

According to ESET telemetry, the NSPX30 implant was recently detected on a small number of systems. The victims include unidentified individuals located in China and Japan, an unidentified Chinese-speaking individual connected to the network of a high-profile public research university in the United Kingdom, a large manufacturing and trading company in China, and China-based offices of a Japanese corporation in the engineering and manufacturing vertical. ESET has also observed that the attackers attempt to re-compromise systems if access is lost.

NSPX30 is a multistage implant that includes several components, such as a dropper, an installer, loaders, an orchestrator, and a backdoor. Both of the latter components have their own sets of plugins that implement spying capabilities for several applications, such as Skype, Telegram, Tencent QQ, and WeChat, among others. It is also capable of allowlisting itself in several Chinese antimalware solutions. Using ESET telemetry, ESET Research determined that machines are compromised when legitimate software attempts to download updates from legitimate servers using the (unencrypted) HTTP protocol. Hijacked software updates include those for popular Chinese software, such as Tencent QQ, Sogou Pinyin, and WPS Office. The basic purpose of the backdoor is to communicate with its controller and exfiltrate collected data; it is capable of taking screenshots, keylogging, and collecting various information.

The attackers’ capability for interception also allows them to anonymize their real infrastructure, as the orchestrator and the backdoor contact legitimate networks owned by Baidu to download new components or exfiltrate collected information. ESET believes that the malicious but legitimate-looking traffic generated by NSPX30 is forwarded to the real attackers’ infrastructure by the unknown interception mechanism that also performs adversary-in-the-middle attacks.
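The delivery path ESET describes relies on software fetching executables over unencrypted HTTP, where an on-path attacker can swap the payload without touching the legitimate server. That makes "which software on my network still updates over cleartext HTTP" a useful hunting question. The script below is an added example, not ESET's code: it reads a simplified Zeek http.log (a tab-separated subset of the real columns, mapped by the #fields header so the same parser works on a full log), flags responses carrying executable content, and groups them by server host. The log lines, the .test hostnames, the user agents and the addresses are all constructed for the demonstration.

```python
"""Inventory of executables fetched over cleartext HTTP, the update-hijack
delivery path described above. Added example, not ESET's code. Input is a
constructed, simplified Zeek http.log; hostnames and addresses are made up."""
import re
from collections import defaultdict

SAMPLE_HTTP_LOG = "\n".join([
    "#fields\tts\tid.orig_h\tid.resp_h\tid.resp_p\tmethod\thost\turi\tuser_agent\tstatus_code\tresp_mime_types",
    "1706100001.0\t10.1.2.3\t203.0.113.10\t80\tGET\tupdate.example-im.test\t/v9/Update.exe\tIMUpdater/1.0\t200\tapplication/x-dosexec",
    "1706100002.0\t10.1.2.3\t203.0.113.10\t80\tGET\tupdate.example-im.test\t/v9/manifest.xml\tIMUpdater/1.0\t200\ttext/xml",
    "1706100003.0\t10.1.2.9\t203.0.113.55\t80\tGET\tcdn.example-office.test\t/patch/2401.dat\tOfficeUpdate/2.3\t200\tapplication/x-dosexec",
    "1706100004.0\t10.1.2.9\t198.51.100.7\t80\tGET\twww.example-news.test\t/index.html\tMozilla/5.0\t200\ttext/html",
    "1706100005.0\t10.1.2.15\t203.0.113.10\t80\tGET\tupdate.example-im.test\t/v9/Update.exe\tIMUpdater/1.0\t200\tapplication/x-dosexec",
    "1706100006.0\t10.1.2.20\t198.51.100.9\t8080\tGET\tmirror.example-tools.test\t/setup.msi\tcurl/8.4\t200\t-",
])

# Zeek labels PE files application/x-dosexec; the others are common alternatives
# seen from other sniffers and proxies.
EXECUTABLE_MIME = {"application/x-dosexec", "application/x-msdownload", "application/x-msi"}
EXECUTABLE_EXT = re.compile(r"\.(exe|dll|msi|cab)$", re.IGNORECASE)


def parse_zeek_log(text: str):
    """Yield one dict per record, naming columns from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record before #fields header")
            yield dict(zip(fields, line.split("\t")))


def is_executable_download(rec: dict) -> bool:
    """Executable content in the response. http.log only holds cleartext HTTP,
    so every record here is by definition unprotected against an AitM."""
    mimes = {m for m in rec.get("resp_mime_types", "-").split(",") if m != "-"}
    if mimes & EXECUTABLE_MIME:
        return True          # catches /patch/2401.dat: the extension alone would not
    # No MIME sniffed (body missing or truncated): fall back to the path extension.
    return not mimes and bool(EXECUTABLE_EXT.search(rec.get("uri", "")))


def cleartext_update_inventory(text: str) -> dict:
    """Group flagged downloads by server host: the software still updating over HTTP."""
    inventory = defaultdict(lambda: {"clients": set(), "uris": set(), "user_agents": set(), "hits": 0})
    for rec in parse_zeek_log(text):
        if not is_executable_download(rec):
            continue
        entry = inventory[rec["host"]]
        entry["clients"].add(rec["id.orig_h"])
        entry["uris"].add(rec["uri"])
        entry["user_agents"].add(rec["user_agent"])
        entry["hits"] += 1
    return dict(inventory)


if __name__ == "__main__":
    for host, entry in sorted(cleartext_update_inventory(SAMPLE_HTTP_LOG).items()):
        print(f"{host}: {entry['hits']} download(s) by {len(entry['clients'])} client(s), "
              f"agents={sorted(entry['user_agents'])}")
```

The hosts that come out of this list are legitimate, which is exactly why an allowlist of update servers does not help here: the defence is to get the vendor onto HTTPS with signature verification of the downloaded package, or to block the cleartext path until it does.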

“How exactly the attackers are able to deliver NSPX30 as malicious updates remains unknown to us, as we have yet to discover the tool that enables the attackers to compromise their targets initially,” says ESET researcher Facundo Muñoz, who discovered NSPX30 and Blackwood. “However, based on our own experience with China-aligned threat actors who exhibit these capabilities, as well as recent research on router implants attributed to another China-aligned group, MustangPanda, we speculate that the attackers are deploying a network implant within the networks of the victims, possibly on vulnerable network appliances, such as routers or gateways,” explains Muñoz.

For more technical information about the new China-aligned APT group Blackwood and its latest NSPX30 implant, check out the blog post “NSPX30: A sophisticated AitM-enabled implant evolving since 2005.” Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

Geographical distribution of Blackwood victims (map).


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Finding Fortra GoAnywhere MFT with runZero

On January 22nd, Fortra disclosed a serious vulnerability in its GoAnywhere Managed File Transfer (MFT) product.

This issue, CVE-2024-0204, allows attackers to bypass authentication controls and create new administrative user accounts. Such accounts can then be used to access the system with full administrative privileges. This vulnerability has a CVSS score of 9.8, indicating that it is a critical vulnerability.

It is unknown if this vulnerability is being actively exploited in the wild.

What is the impact?

Upon successful exploitation of this vulnerability, attackers act with full administrative privileges on the vulnerable system. This includes the creation of new users, installation of additional modules or code, and, in general, full compromise of the system.

Are updates or workarounds available?

Fortra has fixed this vulnerability in version 7.4.1 of the product and recommends that users upgrade. Additionally, a workaround is provided as described in the vulnerability advisory.

How do I find potentially vulnerable Fortra installations with runZero?

From the Services Inventory, use the following query to locate assets running the vulnerable products in your network that expose a web interface and which may need remediation or mitigation:

_asset.protocol:http AND protocol:http AND (last.http.body:"alt=%GoAnywhere Web Client" OR http.body:"alt=%GoAnywhere Web Client")

Additional fingerprinting research is ongoing, and additional queries will be published as soon as possible. Learn more about runZero.
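The query above works by pattern-matching the stored HTTP body of each service, with `%` as the runZero wildcard (it absorbs the quote between `alt=` and the alt text). To show what it does, and to take the next triage step, here is an added example that is not runZero's code: it applies the same fingerprint to constructed service records offline and, for records that also carry a version, compares it numerically against the fixed release 7.4.1 from Fortra's advisory. The `version` attribute is an assumed extra field; the fingerprint itself only identifies the web client page and does not read a version, and the asset IDs and bodies are made up.

```python
"""Offline stand-in for the runZero GoAnywhere query plus version triage.
Added example, not runZero's code; service records are constructed and
the "version" attribute is an assumed extra field."""
import re

FIXED_VERSION = (7, 4, 1)                    # fixed release per Fortra's advisory
FINGERPRINT = 'alt=%GoAnywhere Web Client'   # '%' is the runZero wildcard


def wildcard_to_regex(pattern: str) -> re.Pattern:
    """Turn a runZero-style '%' wildcard pattern into an unanchored regex."""
    return re.compile(".*".join(re.escape(p) for p in pattern.split("%")),
                      re.IGNORECASE | re.DOTALL)


def parse_version(text: str) -> tuple:
    """'v7.4.1-build2' -> (7, 4, 1); '7.4' -> (7, 4, 0). Numeric, so 7.10 > 7.4."""
    nums = tuple(int(n) for n in re.findall(r"\d+", text))
    return (nums + (0, 0, 0))[:3]


def is_vulnerable_version(text: str) -> bool:
    return parse_version(text) < FIXED_VERSION


# Constructed service records mirroring the fields the query touches.
SAMPLE_SERVICES = [
    {"asset": "a1", "protocol": "http", "version": "7.3.2",
     "http.body": '<html><img src="/images/logo.png" alt="GoAnywhere Web Client"></html>'},
    {"asset": "a2", "protocol": "http", "version": None,
     "http.body": "<html><title>Nothing here</title></html>"},
    {"asset": "a3", "protocol": "http", "version": "7.4.1",          # patched already
     "last.http.body": '<img alt="GoAnywhere Web Client" src="x.png">'},
    {"asset": "a4", "protocol": "ssh", "version": None, "http.body": ""},
    {"asset": "a5", "protocol": "http", "version": None,             # version unknown
     "http.body": '<IMG ALT="goanywhere web client">'},
]


def find_goanywhere(services: list) -> list:
    """Assets whose current or last HTTP body matches the fingerprint, with a patch verdict."""
    rx = wildcard_to_regex(FINGERPRINT)
    hits = []
    for svc in services:
        if svc.get("protocol") != "http":        # protocol:http in the query
            continue
        body = svc.get("http.body") or svc.get("last.http.body") or ""
        if not rx.search(body):
            continue
        version = svc.get("version")
        hits.append({"asset": svc["asset"], "version": version,
                     "needs_patch": None if version is None else is_vulnerable_version(version)})
    return hits


if __name__ == "__main__":
    for hit in find_goanywhere(SAMPLE_SERVICES):
        print(hit)
```

Assets with `needs_patch` set to `None` are the ones to look at first by hand: they expose the web client but the inventory cannot tell whether 7.4.1 or the advisory's workaround is in place.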


About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
