RE: break in? - terminal services on alternate port

From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 11/15/05

  • Next message: Steve.Cummings_at_barclayscapital.com: "RE: break in?" 
    To: maralisa <maralisa@villatiburon.com>
Date: Tue, 15 Nov 2005 08:50:14 +0000

    On Sat, 2005-11-12 at 09:00 -0800, maralisa wrote:
    > Paul,
    >
    > The smartest and best thing to do if you must open the terminal services
    > port to the world is to change the port that terminal services runs on.
    > I do this, and it never gets attacked. You should also change the name
    > of your administrator account. This is best practice. I've had my
    > terminal server accessible to the worls for literally year now with no
    > problems.

    Indeed a good step in cutting down on non-specific blanket scanning
    based attacks. Relatively little defence against a determined attacker
    going against you as a specific target however.

    One of the best reasons to advocate running remote access mechanisms, is
    the fact that it keeps your logs a lot cleaner. If all of a sudden you
    see some attempts to log-in you can be reasonably sure that it's a
    targeted attack rather than a blanket scan.

    This becomes useful when responding to the incident, blanket scans are
    an easy fix - however if someone appears to be targeting you
    specifically then there may be other ares of your infrastructure which
    require your attention and you will be able to respond appropriately. 

    -- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
"He who hingeth aboot, geteth hee-haw" Victor - Still Game
blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

  • Next message: Steve.Cummings_at_barclayscapital.com: "RE: break in?"
    • Quantcast