Just a few years ago it seemed perfectly reasonable to open up Remote Desktop for end users. Open port 3389 on the firewall, make sure you have a solid password, and off you go. If you wanted to be really sneaky, you change the port to something much higher so that the “port scanners” couldn’t find it as easy.

I don’t know if it’s the tools getting better, the availability of Internet growing worldwide, us being targeted overseas or the tremendous spike in profits being raked in with Identity theft and cybercrime, probably all of the above, but the game has changed. We have gone for see 0 bad login attempts to upwards of 8,000 in a 24 hour period. Obviously automated, and unsuccessful if you have a good password, it’s very discomforting.

We are now highly recommending closing off open ports, for anything, not just Remote Desktop, where it is not needed. Use a VPN, lock down access to a specific IP or IPs or use a service such as logmein, though the risks with that warrant another article. If it’s not feasible, due to the amount of users accessing it, and budget constraints to re-configure all, there are now tools and scripts out there to block IP addresses from hitting the machine after 5 bad login attempts. Either way, try and stop the outside world from “trying your door” all day long with remote tools. As always, patch, patch patch!!

Written by Bret Erickson of Passkey Computer Services

http://www.passkeyinc.com @passkeycs