How it started
When originally given this task to research a topic and try to find a gap in research or look towards the future, the feat seemed impossible. Nonetheless, my mind immediately went to cybersecurity, but more specifically, Governance, Risk management, and Compliance, more commonly known as GRC. I wished to learn more about policies utilized and implemented to reduce risk and vulnerabilities in our systems and assets. This curiosity, along with extensive research, honed my focus into my research question, "In terms of risks and vulnerabilities, how can I implement a policy on virtual machines in order to maintain a higher standard of integrity of your data?"
Background Research
In my search for policies to evaluate over the years, I noticed a common thread: many of them were geared towards closing off vulnerabilities in commonly exploited ports. However, one policy in particular caught my attention due to its high potential for harm: the Remote Desktop Protocol (RDP). In fact, RDP has been exploited in several high-profile attacks over the years. One example of this is the 2017 ransomware attack on the UK's National Health Service, which was carried out using a vulnerability in RDP. This event highlighted the need for more robust RDP policies and inspired me to focus on this area.
To learn more about RDP policies and how to protect against vulnerabilities, I turned to virtual machines. By creating a safe environment where I could make changes to policies without affecting my actual computer, I was able to experiment and learn without putting myself at risk. With the help of virtual machines, I was able to gain a deeper understanding of RDP policies, including how to protect against port 3389, which is commonly exploited by hackers to gain unauthorized access to RDP. With this knowledge, I set out to create my very first prototype, which would help me to learn how to implement a policy on my first virtual machine.
I decided to utilize a Windows 7 virtual machine as the operating system for my first prototype and created a policy that enabled access to websites by allowing incoming traffic on port 80, which is the standard port for HTTP traffic.
After implementing the policy, I conducted a test to determine the integrity of the data on the virtual machine. I tested the web server by accessing it from other devices on the network and using web applications hosted on the virtual machine. Through these tests, I was able to confirm that the policy was effective in enabling access to the web server while also maintaining the security of the virtual machine. As you can see the "ResearchProjectAllowingHTTPTraffic" rule is enabled and "Windows Resource Protection did not find any integrity violations."
Method to Success
To improve system security and mitigate risks associated with Remote Desktop Access (RDA), I implemented a Windows Firewall policy on a Windows 10 virtual machine. The policy focused on closing off port 3389, a commonly exploited port for RDA vulnerabilities, and was implemented using the Windows Firewall with Advanced Security tool. The inbound rule created with this tool effectively blocked traffic to port 3389, enhancing the overall security posture of the virtual machine.
The implementation of this policy required a thorough understanding of the system architecture and the Windows Firewall with Advanced Security tool. By leveraging the tool's fine-grained approach to policy implementation, I was able to exercise granular control over traffic flows, ensuring that only authorized traffic was allowed to enter the system. I also monitored the policy's effectiveness continuously to adapt to changes in the system environment and ensure ongoing system security.
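The two firewall policies described above (the port 80 allow rule on the Windows 7 prototype and the port 3389 block rule on the Windows 10 machine), together with the checks used to confirm them, can be written as a script instead of being clicked through the Windows Firewall with Advanced Security console. The following is an added example and not a script from the project; the rule name "ResearchProjectAllowingHTTPTraffic" comes from the write-up, while "ResearchProjectBlockRDP", the firewall log path and the 192.0.2.10 lab address are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not the project's own scripts): the two firewall policies from
# the write-up as code, plus the checks that show whether they took effect.
# "ResearchProjectBlockRDP", the log path and 192.0.2.10 are assumed values.

# --- Prototype 1: Windows 7 VM, allow inbound HTTP on TCP/80 ---------------
# Windows 7 lacks the NetSecurity cmdlets, so the rule is created with netsh,
# which drives the same firewall as the Advanced Security console.
function Add-HttpAllowRule {
    netsh advfirewall firewall add rule `
        name="ResearchProjectAllowingHTTPTraffic" `
        dir=in action=allow protocol=TCP localport=80 profile=any
    # Show the rule so its Enabled/Action fields can be checked
    netsh advfirewall firewall show rule name="ResearchProjectAllowingHTTPTraffic"
}

# --- Final policy: Windows 10 VM, block inbound RDP ------------------------
# RDP listens on 3389 by default, but the port is configurable in the
# registry; reading it keeps the block rule aligned with the real listener
# rather than assuming 3389.
function Get-RdpListenPort {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
}

function Add-RdpBlockRule {
    $name = 'ResearchProjectBlockRDP'   # assumed rule name
    $port = Get-RdpListenPort           # 3389 unless changed
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound `
            -Protocol TCP -LocalPort $port -Action Block -Profile Any `
            -Description 'Blocks inbound RDP (research project policy)' | Out-Null
    }
    # Block rules win over allow rules in Windows Firewall, so the built-in
    # "Remote Desktop" allow group cannot reopen the port while this rule is
    # enabled; disabling that group as well keeps the intent explicit.
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled False -ErrorAction SilentlyContinue
}

# --- Verification on the VM itself ------------------------------------------
function Test-RdpBlockRule {
    $rule = Get-NetFirewallRule -DisplayName 'ResearchProjectBlockRDP'
    $filter = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Enabled   = $rule.Enabled      # expect True
        Direction = $rule.Direction    # expect Inbound
        Action    = $rule.Action       # expect Block
        Protocol  = $filter.Protocol   # expect TCP
        LocalPort = $filter.LocalPort  # expect the RDP listen port
    }
}

# Integrity check quoted in the write-up; a clean run ends with
# "Windows Resource Protection did not find any integrity violations."
function Test-SystemFileIntegrity { sfc /scannow }

# --- Ongoing monitoring -----------------------------------------------------
# Log dropped packets so repeated connection attempts to the RDP port are
# visible; the log path is an assumption (it is the Windows default location).
function Enable-BlockedTrafficLog {
    $log = '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'
    Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True -LogFileName $log
}

function Get-BlockedRdpAttempts {
    $log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
    $port = Get-RdpListenPort
    # Log lines are: date time action protocol src-ip dst-ip src-port dst-port ...
    Get-Content $log -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\S+ \S+ DROP TCP ' } |
        Where-Object { ($_ -split ' ')[7] -eq "$port" }
}

# Apply the final policy and print the check results
Add-RdpBlockRule
Test-RdpBlockRule | Format-List
Enable-BlockedTrafficLog
```

From a second machine on the lab network, `Test-NetConnection -ComputerName 192.0.2.10 -Port 3389` (address is a placeholder) should report `TcpTestSucceeded : False` once the rule is active, which is the external counterpart of the in-VM check. The registry lookup matters because a block rule hard-coded to 3389 silently stops protecting a host whose RDP listener has been moved to another port.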
Reflection
What have you learned?
Through this project, I have learned a lot about topics ranging from how to mount a GUI onto a virtual machine to how hackers have used Remote Desktop Protocol (RDP) to take down networks.
What did your learning process look like?
Learning about policies had originally been a very hard task to complete; it was hard to find sources and a focused direction. However, as I dug deeper I found interest in RDP and stuck with it.
What failures did you encounter and how did you overcome them?
A problem I had spent many hours figuring out and solving was the process of mounting the Graphical User Interface (GUI) onto my virtual machine so as to run Windows 10 as a whole. However, with the help of my mentor, Jynsen Holland, I have been able to overcome this.
What are you most proud of with this project?
After completing the research process, I am very proud of what I have learned and the way I have communicated this information into a well-detailed poster.
In what ways do you think your project could help others?
My project could be very beneficial to small businesses with weaker security infrastructures as these companies are most susceptible to RDP attacks.
Credits:
Created with images by Duncan Andison - "A hand selecting a Policy business concept on a futuristic computer display." • Artur - "Handwriting text writing Policies And Procedure. Conceptual photo list of rules defines customer and buyer rights Male human wear formal work suit presenting presentation using smart device"