Security Basics mailing list archives
R: RDP over the internet
From: "Webstyler.it" <info () webstyler it>
Date: Thu, 12 Jan 2012 08:48:13 +0100
Hello,

As written by other users, there are a lot of ways to keep an exposed Windows server safe (or safer). A hardware firewall, VPN, custom RDP port and a hard password are the right way. But this scenario may not always be applicable. So, I think the minimal scenario is a custom RDP port, a really hard password, and a good configuration of Windows Server and the Windows firewall to close services that are not working. It would be really interesting if the Windows firewall could "ban" an IP after 10 (for example) failed logins, for simple protection.

Simon

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of krymson () gmail com
Sent: Wednesday, 11 January 2012 23.37
To: security-basics () securityfocus com
Subject: Re: RDP over the internet

I've actually recently seen the results of just such a situation where a company had RDP listening to the outside world, and an attacker in eastern Europe bruteforced the administrator account over the period of a couple months. Once gotten, the attacker had full control and console access to the system. Granted, there were more mistakes than just handing your RDP balls out onto the wind of the Internet...

Others have given good suggestions, but please make sure you have a control around stopping or detecting or preventing any ol' user on the Internet from just bruteforcing you over time.

Personally, I would want a VPN or other layer of remote control that you can log into that is better to leave open to any source IP. You should not allow any source IP to hit your RDP opening. It would be better to just limit it to your home or some other smaller subnet you expect to normally use.

Personally, I like the logging and auth capabilities of other remote control solutions, rather than heading straight into an RDP opening. Typically speaking, a VPN or other remote control solution won't let shared accounts or strange things log in, but RDP may not be as forgiving about misconfigurations or mistakes or just gaps in knowledge.

Keep in mind current and previous normal and administrative users as people who might be interested in using your RDP opening to lock out accounts or otherwise be annoying.

<- snip ->

Hi all

I would like to know what are your opinions of using RDP over the internet on a Windows 2008 R2 server? Are there any major known exploits or vulnerabilities? How safe is the server with having port 3389 open to the internet?

Rgds,
Mario
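Added example, not part of either post: a sketch of the "ban an IP after 10 failed logins" control discussed above, counting failed-logon events (Event ID 4625 in the Windows Security log) per source address and producing a Windows Firewall block command for each offender. The record format, the trusted subnet, the counting window and all function names are assumptions made for illustration; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

THRESHOLD = 10                          # failed logons before a ban (figure from the post)
WINDOW_DAYS = 1                         # assumption: how far back failures are counted
TRUSTED = [ip_network("192.0.2.0/28")]  # assumption: subnets that are never banned

def parse(line):
    """Parse a constructed record: '<ISO time> <event id> <source ip> <account>'."""
    ts, event_id, src, account = line.split()
    return datetime.fromisoformat(ts), int(event_id), ip_address(src), account

def offenders(lines, threshold=THRESHOLD, window_days=WINDOW_DAYS):
    """Return {source ip: time the threshold was reached} for failed logons (4625)."""
    window = timedelta(days=window_days)
    recent, banned = defaultdict(deque), {}
    for ts, event_id, src, _ in sorted(map(parse, lines), key=lambda r: r[0]):
        if event_id != 4625 or str(src) in banned:
            continue
        if any(src in net for net in TRUSTED):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:       # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            banned[str(src)] = ts
    return banned

def block_rule(ip, port=3389):
    """Windows Firewall command that blocks one source on the RDP port."""
    return (f'netsh advfirewall firewall add rule name="RDP ban {ip}" '
            f"dir=in action=block protocol=TCP localport={port} remoteip={ip}")

def sample():
    """Constructed events: a fast guesser, a slow guesser, a trusted host, one success."""
    t0 = datetime(2012, 1, 11, 8, 0)
    rows = [(t0 + timedelta(minutes=5 * i), 4625, "203.0.113.7") for i in range(12)]
    rows += [(t0 + timedelta(hours=3 * i), 4625, "198.51.100.9") for i in range(10)]
    rows += [(t0 + timedelta(minutes=i), 4625, "192.0.2.5") for i in range(15)]
    rows.append((t0, 4624, "198.51.100.20"))     # successful logon, ignored
    return [f"{ts.isoformat()} {eid} {ip} administrator" for ts, eid, ip in rows]

if __name__ == "__main__":
    for ip in offenders(sample()):
        print(block_rule(ip))
```

With the one-day window only the fast source is banned; the source that spreads its ten failures over 27 hours is caught only when the window is lengthened, which matters given the months-long bruteforce described in the quoted message.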
Current thread:
- Re: RDP over the internet, (continued)
- Re: RDP over the internet Ansgar Wiechers (Jan 10)
- Re: RDP over the internet security () stealthnodes com (Jan 10)
- RE: RDP over the internet Dimitrios Hilton (Jan 10)
- Re: RDP over the internet William Söderberg (Jan 10)
- RE: RDP over the internet David Gillett (Jan 10)
- Re: RDP over the internet Hosts Deny (Jan 11)
- Re: RDP over the internet synja (Jan 12)
- Re: RDP over the internet Savvy95 (Jan 10)
- RE: RDP over the internet Greg Carson (Jan 10)
- Re: RDP over the internet krymson (Jan 11)
- R: RDP over the internet Webstyler.it (Jan 12)