On 11/16/2014 03:27 PM, Ken Hohhof via Af wrote:
"Properly protected" however sounds a bit like blaming the victim. I would say it's a lot easier to protect a castle that just has one gate. If I use it once a year, why leave it running all the time beckoning to bad guys or waiting for me to slip up on firewall rules?
I understand your reticence to leave it turned on. I was simply responding to the idea that turning it off (without qualification) was the only, "best" solution. Best practice is to protect necessary services. If it isn't necessary for you, then turning it off IS part of "proper protection".
In addition to SSH, the other attractive nuisance seems to be RDP. There's a simple little tool called DUBrute the kiddies will run against tcp/3389, they don't have to be successful, just the traffic will mess you up.
Agreed. Again, though, protecting the port is key. It should not be open to the world. There are better practices than a simple nat that opens this up to the world.
I'm waiting for webcams to be the next big target, so many of them use UPnP and DynDNS to expose a webserver on a public IP, and end users buy them at Amazon and Costco, even supposed computer and networking professionals install them with no thoughts about network security.
Rinse and repeat above comments. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
