Hopefully you nuked the box after the bad stuff was found, since you can't trust that box any more Windows has a firewall that is on by default, but it sounds like the Remote Desktop service was turned on and the firewall opened Presumably a default account was used (administrator?) with a weak password If you really want to expose RDP natively on the internet without a VPN, Some best practices here: Rename administrator account Create another account you are actually going to use Consider changing the default RDP port 3389 (hardly security here as its still easy to find) Enforce encryption RDP using TLS Enforce NLA (Network Level Authentication) -----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Don Gould Sent: Sunday, 8 December 2013 10:00 p.m. To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Help block out China please. How do I download the current patch set for Windows 2012 R2 so I can apply it before putting the box on the network? This seems a bit chicken and egg. (And yes I agree this really is a Geekzone or Whirlpool type question now, but I'm a bit interested in what advice operators are keen for us to be dishing to folk.) Beer. D On 8/12/2013 4:36 p.m., Pete Mundy wrote:
locked down_before_ being put on any publicly accessible IP space -- Don Gould 31 Acheson Ave Mairehau Christchurch, New Zealand Ph: + 64 3 348 7235 Mobile: + 64 21 114 0699 Ph: +61 3 9111 1821 (Melb)
I'M COLLECTING COFFEE CUPS FOR PROJECT COFFEE CUP.
Deja vue (missing the French accent mark) - literally means already seen, that sense of haven't we been here before.
NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog