Jisc is to move to protect universities and research bodies from ransomware attacks by blocking the access to its Janet network from outside the UK to the Remote Desktop Protocol (RDP) port 3389.
The membership organisation for technology services in the sector is planning to take the step in late March of next year based on evidence that this has been the route for at least half of major ransomware incidents in the sector since August 2020.
Only inbound traffic from known UK IP addresses will be allowed to proceed on RDP by default to Janet – the national network for higher education and research – as opposed to the current requirement to opt in.
RDP is a network communications protocol for users to access physical work desktops from other devices through client software. It is typically less secure than connecting via on-site computers because access is usually obtained using a username and password with no other authentication controls. This makes users vulnerable to malicious actors who use phishing or social engineering to gain log-in details and access to organisations’ internal systems.
Devastating attacks
Jisc’s director of information security policy and governance, Dr John Chapman, said: “The use of ransomware against our sector and globally has ramped up over the past couple of years and some attacks against colleges and universities have been devastating.
“Organisations can still opt out of restrictions to specific IP addresses if they wish to, but they must accept the greater risk of a serious cyber security incident.
“Controlling access to a known attack vector will help protect the sector as a whole against this type of attack.”
The change follows updates to Jisc’s cyber security policies for the higher and further education sectors earlier this year.