Scott Howard (scott) writes:

Connecting *anything* to unfiltered Internet in order to configure it is absolutely the wrong thing to do. Even if the config is only going to take a few minutes, it's still asking for trouble.

Conversely, connecting boxes protected only from active connection attempts doesn't buy you're talking about end user boxes. It's usually just a matter of days/weeks/months before said user downloads a trojan or similar. If you want to be certain not to get hacked, don't put it on the Internet :) P.

On Dec 8, 2013, at 3:59 PM, Don Gould wrote:

How do I download the current patch set for Windows 2012 R2 so I can apply it before putting the box on the network?

From behind a stateful firewall or NAT, as noted previously (they're fine for clients, just not for servers)

wget works quite nicely, as well. ;> ----------------------------------------------------------------------- Roland Dobbins // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton

Hopefully you nuked the box after the bad stuff was found, since you can't trust that box any more Windows has a firewall that is on by default, but it sounds like the Remote Desktop service was turned on and the firewall opened Presumably a default account was used (administrator?) with a weak password If you really want to expose RDP natively on the internet without a VPN, Some best practices here: Rename administrator account Create another account you are actually going to use Consider changing the default RDP port 3389 (hardly security here as its still easy to find) Enforce encryption RDP using TLS Enforce NLA (Network Level Authentication) -----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Don Gould Sent: Sunday, 8 December 2013 10:00 p.m. To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Help block out China please. How do I download the current patch set for Windows 2012 R2 so I can apply it before putting the box on the network? This seems a bit chicken and egg. (And yes I agree this really is a Geekzone or Whirlpool type question now, but I'm a bit interested in what advice operators are keen for us to be dishing to folk.) Beer. D On 8/12/2013 4:36 p.m., Pete Mundy wrote:

locked down_before_ being put on any publicly accessible IP space -- Don Gould 31 Acheson Ave Mairehau Christchurch, New Zealand Ph: + 64 3 348 7235 Mobile: + 64 21 114 0699 Ph: +61 3 9111 1821 (Melb)

I'M COLLECTING COFFEE CUPS FOR PROJECT COFFEE CUP.

Deja vue (missing the French accent mark) - literally means already seen, that sense of haven't we been here before.

NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog