- Scan publicly listed IPs for any open RDP or SSH ports, and block them.
- Monitor and analyze logs to identify any unusual user behavior on your network.
- Deploy an endpoint solution that can give you actionable data about the devices authenticating into your environment - which can tell you where users are coming from, when, and with what IP address.
- Implement two-factor authentication on all account logins, including privileged and administrative, which can deter criminals from successful remote brute-force attacks.
- Don’t share or reuse passwords; this can stop the spread of compromise if one server is breached with stolen administrator/root account credentials.
- Create custom policies and controls that dictate which applications can be accessed remotely, and by whom.
- Limit the number of administrator RDP accounts, or remove them completely if not needed.
- Set an account lockout policy that locks accounts after a certain number of incorrect guesses, to prevent the success of brute-force attacks.
Tuesday, April 25, 2017
Protecting Remote Access to Your Computer: RDP Attacks and Server Credentials for Sale | Duo Security
Protecting Remote Access to Your Computer: RDP Attacks and Server Credentials for Sale | Duo Security is great advice from Duo: