On Sat, 2005-11-12 at 09:00 -0800, maralisa wrote: > Paul, > > The smartest and best thing to do if you must open the terminal services > port to the world is to change the port that terminal services runs on. > I do this, and it never gets attacked. You should also change the name > of your administrator account. This is best practice. I've had my > terminal server accessible to the worls for literally year now with no > problems.
Indeed a good step in cutting down on non-specific blanket scanning based attacks. Relatively little defence against a determined attacker going against you as a specific target however. One of the best reasons to advocate running remote access mechanisms, is the fact that it keeps your logs a lot cleaner. If all of a sudden you see some attempts to log-in you can be reasonably sure that it's a targeted attack rather than a blanket scan. This becomes useful when responding to the incident, blanket scans are an easy fix - however if someone appears to be targeting you specifically then there may be other ares of your infrastructure which require your attention and you will be able to respond appropriately. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
smime.p7s
Description: S/MIME cryptographic signature
