RE: break in? - terminal services on alternate port

Steve.Cummings_at_barclayscapital.com
Date: 11/15/05

  • Next message: Marcos Marrero: "ISA Server or Firewall Appliance?"
    Date: Tue, 15 Nov 2005 16:29:40 -0000
    To: <barrie@reboot-robot.net>, <maralisa@villatiburon.com>
    
    

    Maybe use an ssh tunnel to do this

    Regards

    Steve Cummings
    Barclays Capital
    DDI 0207 773 4245

    -----Original Message-----
    From: Barrie Dempster [mailto:barrie@reboot-robot.net]
    Sent: 15 November 2005 08:50
    To: maralisa
    Cc: focus-ms@securityfocus.com; techlists@comcast.net
    Subject: RE: break in? - terminal services on alternate port

    On Sat, 2005-11-12 at 09:00 -0800, maralisa wrote:
    > Paul,
    >
    > The smartest and best thing to do if you must open the terminal
    > services port to the world is to change the port that terminal
    > services runs on. I do this, and it never gets attacked. You should
    > also change the name of your administrator account. This is best
    > practice. I've had my terminal server accessible to the world for
    > literally year now with no problems.

    Indeed a good step in cutting down on non-specific blanket scanning
    based attacks. Relatively little defence against a determined attacker
    going against you as a specific target however.

    One of the best reasons to advocate running remote access mechanisms, is
    the fact that it keeps your logs a lot cleaner. If all of a sudden you
    see some attempts to log-in you can be reasonably sure that it's a
    targeted attack rather than a blanket scan.

    This becomes useful when responding to the incident, blanket scans are
    an easy fix - however if someone appears to be targeting you
    specifically then there may be other areas of your infrastructure which
    require your attention and you will be able to respond appropriately.

    --
    With Regards..
    Barrie Dempster (zeedo) - Fortiter et Strenue
    "He who hingeth aboot, geteth hee-haw" Victor - Still Game
    blog:  http://reboot-robot.net
    sites: http://www.bsrf.org.uk - http://www.security-forums.com
    ca:    https://www.cacert.org/index.php?id=3
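The triage reasoning in Barrie Dempster's message above, sketched as an added example that is not part of the original thread: sources that reach the alternate Terminal Services port are split into blanket sweeps and possible targeted attempts by how many distinct ports they touched. The port number, the threshold, the log format and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict

TS_PORT = 43389      # assumed alternate Terminal Services port (hypothetical)
SWEEP_THRESHOLD = 5  # assumed: this many distinct ports from one source is a sweep

# Constructed sample log, one connection attempt per line:
# "<timestamp> <source ip> <destination port>"
SAMPLE_LOG = """\
2005-11-15T03:10:01 198.51.100.7 21
2005-11-15T03:10:01 198.51.100.7 22
2005-11-15T03:10:02 198.51.100.7 23
2005-11-15T03:10:02 198.51.100.7 80
2005-11-15T03:10:03 198.51.100.7 443
2005-11-15T03:10:03 198.51.100.7 3389
2005-11-15T03:10:09 198.51.100.7 43389
2005-11-15T04:00:00 192.0.2.10 80
this line is malformed and is skipped
2005-11-15T09:41:12 203.0.113.44 43389
2005-11-15T09:41:30 203.0.113.44 43389
2005-11-15T09:42:05 203.0.113.44 43389
"""

def triage(log_text, ts_port=TS_PORT, sweep_threshold=SWEEP_THRESHOLD):
    """Return {source: (verdict, attempts)} for every source that hit ts_port."""
    ports_by_src = defaultdict(set)  # distinct ports each source touched
    ts_hits = defaultdict(int)       # attempts against the alternate port
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdigit():
            continue  # ignore lines that do not match the assumed format
        _, src, port = fields
        ports_by_src[src].add(int(port))
        if int(port) == ts_port:
            ts_hits[src] += 1
    verdicts = {}
    for src, attempts in ts_hits.items():
        # A source that walked many ports found the service by sweeping;
        # one that went straight to the alternate port already knew where it was.
        swept = len(ports_by_src[src]) >= sweep_threshold
        verdicts[src] = ("sweep" if swept else "targeted", attempts)
    return verdicts

if __name__ == "__main__":
    for src, (verdict, attempts) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src}: {verdict}, {attempts} attempt(s) on port {TS_PORT}")
```

A "targeted" verdict here is only a prompt to review the rest of the infrastructure, as the message suggests; a slow scanner that spreads its probes over time would need a longer log window to be recognised as a sweep.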
    
