by yannick 28-06-2016 11:01 PM - edited 28-06-2016 11:02 PM
With the proliferation of computer viruses, Trojan horses, worms, E-mail spam and Denial of Service (DoS) attacks comes an increased risk of computer security vulnerability. While we strongly suggest you speak to a security expert, the following is a list of recommendations that can be taken to help reduce your exposure to potential attacks:
1. Remote Desktop Protocol (RDP)
Disable RDP on any computer or server that does not require it to be running.
RDP is a network communications protocol for Windows-based computers. It can allow an individual to remotely log into a networked computer (including via the Internet) as if they were sitting in front of the local machine. Remote Desktop sessions usually operate over an encrypted channel to prevent others from viewing your session; however, such sessions have been known to be compromised, which enables hackers to [insert].
How do I tell if RDP is enabled?
Remote desktop is disabled by default on Windows. To check if it is disabled:
- Click Start, point to Administrative Tools
- Select Server Manager
- In Computer Information, click Configure Remote Desktop
- Check Option “don’t allow connections to this computer” is selected
- Click on “Charm Bar”
- Click on Settings
- Select Server Info
- Select Advanced System Settings
- Select “Remote” tab
- Check Option “don’t allow connection to this computer” is selected
Windows Vista & 7
- Right click on My Computer
- Select Properties
- Select “Remote Settings”
- Check Option “don’t allow connections to this computer” is selected.
Windows 8, 8.1 or 10
- Use Start Search and search for “remote” or “System Properties”
- Launch System Properties and check “Remote” tab
- Check Option “Don’t allow remote connections to this computer” is checked.
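The same check can be scripted rather than clicked through, which helps when there are many machines to review. The PowerShell below is an added example, not part of the original post. It assumes Windows 8 / Server 2012 or later, an elevated session and the English-language "Remote Desktop" firewall rule group; the function name Get-RdpExposure is made up for illustration.

```powershell
# Added example (not from the original post): read-only report on RDP exposure.
$TsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpExposure {               # hypothetical helper name
    # fDenyTSConnections = 1 matches "Don't allow remote connections to this computer".
    $local  = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    # A Group Policy value, when present, overrides the local setting.
    $policy = (Get-ItemProperty -Path $PolicyKey -Name fDenyTSConnections `
                   -ErrorAction SilentlyContinue).fDenyTSConnections
    $deny   = if ($null -ne $policy) { $policy } else { $local }

    # The listener port is stored per WinStation (3389 unless it has been changed).
    $port = (Get-ItemProperty -Path "$TsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
    $listening = @(Get-NetTCPConnection -LocalPort $port -State Listen `
                       -ErrorAction SilentlyContinue).Count -gt 0

    # Enabled inbound firewall rules for RDP and the source addresses they accept.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
    $sources = if ($rules.Count) {
        $rules | Get-NetFirewallAddressFilter |
            ForEach-Object { $_.RemoteAddress } | Sort-Object -Unique
    } else { @() }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        RdpAllowed      = ($deny -eq 0)
        SetByPolicy     = ($null -ne $policy)
        Port            = $port
        Listening       = $listening
        FirewallRulesOn = $rules.Count
        AllowedSources  = if ($sources) { $sources -join ', ' } else { 'n/a' }
    }
}

Get-RdpExposure | Format-List
```

A machine is only reachable over RDP when RdpAllowed and Listening are both true and at least one firewall rule is on; AllowedSources showing "Any" means the firewall is not restricting who can connect.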
But I need RDP…
If you need RDP activated on your server, we suggest you consider following these guidelines to help reduce the risk of RDP being compromised:
- Use strong passwords that combine multiple character types and are at least twelve to fifteen characters long
- Update software regularly
- Rather than connecting directly to RDP over the internet, consider connecting to the network via a VPN and then connecting to RDP.
- Restrict access using firewalls. For example, allow only the desired IP address or range of IP addresses to connect via RDP and exclude everything else.
- Use a remote desktop gateway to manage multiple RDP connections
- Limit users who can log in using RDP
- Use two-factor authentication on highly sensitive systems
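Two of the guidelines above, the firewall restriction and the limit on who can log in, as an added PowerShell example that is not part of the original post. The source addresses are placeholders from the documentation ranges, the function names are made up, and it assumes Windows 8 / Server 2012 or later with PowerShell 5.1 and English-language rule and group names.

```powershell
# Added example (not from the original post). Run from an elevated session.
# Placeholder sources (documentation address ranges): replace with your own
# office or VPN addresses before use.
$AllowedSources = @('192.0.2.10', '198.51.100.0/24')

function Set-RdpFirewallScope {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$RemoteAddress)

    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object { $_.Direction -eq 'Inbound' })
    foreach ($rule in $rules) {
        if ($PSCmdlet.ShouldProcess($rule.DisplayName, "limit to $($RemoteAddress -join ', ')")) {
            # Only the listed sources match the allow rule; other sources are
            # dropped where the default inbound action is Block (the Windows default).
            $rule | Set-NetFirewallRule -RemoteAddress $RemoteAddress
        }
    }
    # Return the scope now in effect so the change can be reviewed.
    $rules | ForEach-Object {
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Enabled = $_.Enabled
            Sources = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    }
}

function Get-RdpLogonAccount {           # hypothetical helper name
    # Members of either group can log on over RDP by default.
    foreach ($group in 'Remote Desktop Users', 'Administrators') {
        Get-LocalGroupMember -Group $group |
            Select-Object @{ n = 'Group'; e = { $group } }, Name, ObjectClass, PrincipalSource
    }
}

# Preview the firewall change first; remove -WhatIf to apply it.
Set-RdpFirewallScope -RemoteAddress $AllowedSources -WhatIf | Format-Table -AutoSize
Get-RdpLogonAccount | Format-Table -AutoSize
```

Apply the firewall change from the console or from an address that is on the list, otherwise the current remote session loses access.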
2. Open Ports
Close off ports not required in the running of your business.
Port scanning provides hackers with details on what ports are available on a computer system. A display of open/vulnerable ports can provide a hacker with an entry point to your network.
The less information a hacker can find about your internal network and number of active devices, the fewer network entry points they have to potentially exploit.
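To see what a port scan of one of your own machines would find, list its listening ports and compare them with the ports the business needs. This is an added PowerShell example, not part of the original post; the list of required ports is an assumption, the function name is made up, and it covers TCP only on Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original post).
# Assumption: the only services this server should offer are web (80, 443).
$RequiredPorts = @(80, 443)

function Get-UnexpectedListener {        # hypothetical helper name
    param([int[]]$Allowed = @())

    # Loopback-only listeners are skipped: they are not reachable from the network.
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' -and
                       $_.LocalPort -notin $Allowed } |
        Sort-Object LocalPort, LocalAddress |
        ForEach-Object {
            # Map each open port back to the program that opened it, so it can
            # be stopped or uninstalled rather than only blocked.
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port      = $_.LocalPort
                Address   = $_.LocalAddress
                ProcessId = $_.OwningProcess
                Process   = $proc.ProcessName
                Path      = $proc.Path
            }
        }
}

Get-UnexpectedListener -Allowed $RequiredPorts | Format-Table -AutoSize
```

Every row in the output is a port that is open but not on the required list, and is a candidate for closing.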
Install and maintain a good virus detection system.
Many attacks are not deliberate attacks by individuals; your systems may instead be compromised by a virus, worm or Trojan horse. Installing and maintaining a good virus detection system is critical for all computers connected to the Internet. It is vital to install at least one virus detection system and to keep it current. Virus file updates should be carried out as per the recommendation of the manufacturer of the virus detection system.
Install, configure and maintain a firewall.
A firewall is a must for your network protection. It should be configured to allow in only the services (ports) that are permitted to access your system, and to allow out only what is required to go out. The use of a security expert is recommended for setting up firewalls.
5. Monitor Network Traffic
Regularly check network traffic for trends and changes, and investigate poor Internet performance. Often a reduction in network performance is due to increased traffic on your link.
Telstra’s Global Enterprise Services and Large Business customers have a “Custdata Page” available at http://telstra.com.au/bigpond/direct. This page provides a number of useful services to assist in the maintenance of your service, and individual link traffic details can be viewed here. These will indicate trends, give an estimate of likely costs and provide useful information on unusual traffic that may indicate a possible attack. A sudden increase in traffic for an extended period could indicate an issue.
For example, normally your link sends to Telstra at 2Kbits/sec; however, for the past 24 hours this has increased to 29Kbits/sec. It could be as simple as a stuck mail message that is slowing your network performance, but it may also be the result of malicious activity.
For Small Business and Consumer customers please look at getting a network traffic monitoring tool for your server. Some servers have performance monitoring tools included in the operating system.
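The "sudden increase for an extended period" rule can be applied to whatever rate figures your monitoring tool exports. This is an added PowerShell example, not part of the original post; the sample values are constructed to mirror the 2 to 29 Kbits/sec case above, and the function name, multiplier and run length are assumptions to tune for your own link.

```powershell
# Added example (not from the original post).
# Constructed hourly averages of outbound link rate in Kbits/sec, oldest first:
# eight quiet hours near 2, then a jump to about 29.
$Samples = @(2, 2, 3, 2, 2, 2, 3, 2, 28, 30, 29, 29, 30, 28, 29, 29)

function Find-SustainedIncrease {        # hypothetical helper name
    param(
        [Parameter(Mandatory)][double[]]$Rate,
        [int]$BaselineCount = 8,     # leading samples treated as normal traffic
        [double]$Factor = 5,         # multiple of the baseline that counts as abnormal
        [int]$MinRun = 4,            # consecutive samples required, to ignore short bursts
        [double]$FloorKbps = 1       # minimum threshold, so an idle baseline does not flag everything
    )
    if ($Rate.Count -le $BaselineCount) { throw 'Not enough samples after the baseline window.' }

    $baseline  = ($Rate[0..($BaselineCount - 1)] | Measure-Object -Average).Average
    $threshold = [math]::Max($baseline * $Factor, $FloorKbps)
    $run = 0
    for ($i = $BaselineCount; $i -lt $Rate.Count; $i++) {
        # Count consecutive samples above the threshold; any normal sample resets the run.
        if ($Rate[$i] -gt $threshold) { $run++ } else { $run = 0 }
        if ($run -ge $MinRun) {
            $start = $i - $run + 1
            return [pscustomobject]@{
                BaselineKbps  = [math]::Round($baseline, 2)
                ThresholdKbps = [math]::Round($threshold, 2)
                StartIndex    = $start
                RunLength     = $run
                RunAvgKbps    = [math]::Round(($Rate[$start..$i] | Measure-Object -Average).Average, 2)
            }
        }
    }
    # No output means no sustained increase was found.
}

Find-SustainedIncrease -Rate $Samples | Format-List
```

With the constructed samples the baseline is 2.25 Kbits/sec, the threshold is 11.25, and the increase is reported as starting at index 8.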
6. Mail Relay
Ensure mail relay is not allowed by your mail system.
E-mail spammers tend to search for and use computer systems that allow mail relay. They send bulk mail via another’s mail server. Not only does this present a cost, but it also increases the risk of being “black holed” and thus not being able to send legitimate E-mail.
7. Vulnerability testing
Have a security expert scan and attempt to crack your system.
Having an expert scan your system proactively and block any vulnerabilities discovered will help reduce the likelihood of your systems being hacked and exploited.