For the love of God, DO NOT OPEN YOUR SERVER RDP PORT TO THE INTERNET. I work for a small MSP and a few of our clients had this set up. Security through obscurity only works for so long, even when changing the RDP port. A few weeks ago we had alerts fire that brute force attempts were being done on a few client servers from all sorts of IP addresses. One even managed to successfully gain access. These were all small enough companies where we foolishly thought they'd never be targeted, but crawlers are constantly out there looking. Windows VPNs are easy to set up and port forward if you already have AD going. If you don't you are setting yourself up for a lot of headache, and even potential legal issues, down the road.

If you do decide to go direct RDP, change the RDP port to an obscure port, make sure you have a great password policy set up (via group policy - complexity required, lockout threshold, the works), and make sure you have some reliable method of monitoring event security logs on the server. Having been through what I have, I wouldn't even trust this anymore, though.

I wonder what people's thoughts are on this, then. On a couple occasions, we have had vendors who shipped hardware to us for us to physically install, at which point their tech would connect remotely to perform the software configuration. In both cases (different vendors) their preferred method of connecting was for us to open up RDP to them, on an obscure high-numbered port, give the administrator account a strong password, and then send them the information in e-mail. So, we would send off an e-mail to them containing:

Host: hostname:23984 (or some random port number)
Password: 9238hjrklajshdi92 (or some random password)

They'd connect, do their job, and let us know when they were finished, at which point we would close the port.

How much of a risk is this? What is the likelihood that a scanner would ever touch a port that high up? And what is the likelihood, after sending that information in a plain-text e-mail, that it could somehow be picked up and used by an attacker in a targeted manner? Or is this an acceptable level of risk?

It's not hard for a scanner to try all 65000+ ports on an IP address. And what is the likelihood, after sending that information in a plain-text e-mail, that it could somehow be picked up and used by an attacker in a targeted manner? In my opinion, there's not much of a real risk there, although the risk is absolutely present.
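
The thread's advice to monitor the server's security event log, sketched as an added example that is not from any poster: it flags failed RDP logons spread across many source addresses (the "all sorts of IP addresses" pattern the MSP post describes), a single noisy address, and a successful logon from an address that had just been failing. The record layout, thresholds and sample events are constructed assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive; NLA failures often log as 3

def detect(events, window=timedelta(minutes=10), per_ip=5, distinct_ips=4):
    """Return sorted (kind, subject) alerts. Thresholds are assumed defaults."""
    alerts = set()
    fails_by_ip = defaultdict(list)    # ip -> recent failure times
    fails_by_user = defaultdict(list)  # user -> recent (time, ip) failures
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue                   # e.g. console logons are out of scope here
        t, ip, user = ev["time"], ev["ip"], ev["user"]
        if ev["id"] == FAILED:
            # Keep only failures inside the sliding window, then add this one.
            fails_by_ip[ip] = [x for x in fails_by_ip[ip] if t - x <= window] + [t]
            fails_by_user[user] = [(x, i) for x, i in fails_by_user[user]
                                   if t - x <= window] + [(t, ip)]
            if len(fails_by_ip[ip]) >= per_ip:
                alerts.add(("noisy_ip", ip))
            # Many sources, each staying under the per-IP threshold.
            if len({i for _, i in fails_by_user[user]}) >= distinct_ips:
                alerts.add(("distributed", user))
        elif ev["id"] == SUCCESS and any(t - x <= window for x in fails_by_ip[ip]):
            alerts.add(("success_after_failures", f"{user}@{ip}"))
    return sorted(alerts)

def _ev(minute, event_id, user, ip, logon_type=10):
    """Build one constructed record (hypothetical normalised export format)."""
    return {"time": datetime(2024, 1, 1, 3, minute), "id": event_id,
            "user": user, "ip": ip, "logon_type": logon_type}

# Constructed sample; addresses are from the documentation ranges.
SAMPLE = (
    [_ev(m, FAILED, "administrator", f"203.0.113.{m + 1}") for m in range(4)]
    + [_ev(5, FAILED, "svc_backup", "198.51.100.7", 3) for _ in range(5)]
    + [_ev(6, SUCCESS, "svc_backup", "198.51.100.7"),
       _ev(7, SUCCESS, "alice", "192.0.2.10")]  # clean logon, no prior failures
)

if __name__ == "__main__":
    for kind, subject in detect(SAMPLE):
        print(kind, subject)
```

A per-address lockout or alert threshold alone would miss the `administrator` case in the sample, since each address fails only once.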