I usually allow remote access (SSH, RDP, etc.) through VPN only.
When access from the Internet is absolutely required (because it's not
possible to have a VPN), then I usually add a firewall rule to allow
access only from a list of known WAN IP addresses.
That is certainly the best approach!
Also, whenever possible, I run those protocols on IPv6 only, preferably on an
address that is not also in DNS for other services on the host. They
cannot viably scan the IPv6 range, so this obscurity hides the remote access
quite well.
Rob