Hans-Christian Andersen
hans.andersen at phulse.com
Tue Mar 5 11:32:16 CST 2013
I would generally agree that it is a bad idea to have remote desktop accessible from the web. A better alternative is to set up a VPN or, at the very least, use port knocking to secure the server better from malicious background internet traffic.

Another alternative, which I use, is a tool on Linux called fail2ban, which monitors your logs for failed login attempts and bans any IPs that failed to log in 3 times in the firewall. Works like a charm.

But I wouldn't allow any service that doesn't need to be public to be accessible publicly, in principle. It may seem safe today, but once a zero-day exploit comes around...

- Hans

On 2013-03-05, at 9:19 AM, "Dan Waters" <df.waters at comcast.net> wrote:

> One of my customers is a subsidiary of a larger company. That company has
> contracted with Computer Services Company (CSC) to provide computer and
> network services. (CSC was recently fired by the US Air Force for not
> fulfilling a contract to provide a large software system.)
>
> At my customer, CSC is doing what they call 'server hardening'. A
> consequence of this is that remote desktop access is no longer allowed - so
> I can no longer directly update or maintain the system I've built for them.
> Even my customer's employees have lost their remote access to this server.
> I have yet to figure out how to make this work. BTW, the folks at my
> customer have been infuriated by CSC's actions for a couple of years now and
> they are angrier than I am.
>
> So, I'd like to ask everyone if you believe that preventing remote desktop
> access is appropriate for server hardening. Or, what steps could be done to
> provide equivalently secure remote access?
>
> Thanks!
>
> Dan Waters