It has long been an industry practice to disable or stop services which are not in use on your clients and servers. The argument is quite simple: enabled services are vulnerable servers, they expose your devices to potential risks. Simply having Remoting off, unless explicitly required, will reduce the attack surface area and increase the security of our systems.

Even Microsoft has followed an off by default methodology for the past 10 to 15 years. Services like POP3 and IMAP are off by default in Exchange, SQL servers do not listen on IP addresses by default, and we need to install roles and features individually. Microsoft learnt from a number of major security blunders in the early days (Code Red, Slammer and even Blaster), and focused on a more secure development and deployment model. Why should there be an exception to this posture that has worked extremely well since Windows 2003?

Linux administrators and developers of Linux distributions have been in a similar situation in the past. For a significantly long period of time SSHD has been off by default, and administrators have still been able to manage their server fleets. One of the early reasons for an off by default approach in Linux was that it ensured administrators were aware of the risks prior to enabling SSHD. Now it can be argued that this has been a failure, and I think most would agree. I do, however, believe that the failure is not in the off by default configuration, but in the lack of documentation covering the secure configuration of SSHD. People in glass houses shouldn’t throw stones, as Remoting can be just as poorly deployed.

Remote Desktop is a great example where Microsoft followed these methodologies. RDP is off for a number of reasons, with security being only one of them. Ironically, one of the obvious reasons to have RDP off by default is to encourage the move from on-server management to remote management. Whilst adoption has not been as high as was expected (due to issues with third party vendors, administrators and, to a big extent, Microsoft), it is clearly a sign of how ahead of the curve Microsoft has been.

It has become increasingly dangerous to expose management services, be they SSH or RDP, on the Internet. If you have ever been responsible for auditing the log files of a server where SSH or RDP is exposed to the Internet, you will be well aware of the automated scan attempts that are performed.

Brian Krebs has posted on Internet criminals selling access to Linux and Windows servers whose credentials they have brute forced. Bruteforcing credentials via Remoting should be even easier, and I have written about just such a thing on previous occasions. What happens when the criminals discover Remoting? Should we be enabling these criminals and providing them with even more machines that they can take over? Well, we are doing this to an extent right now. Users, administrators and developers have all been busy provisioning virtual machines on platforms like Azure and AWS, and whilst in many cases RDP endpoints are on random high ports, the same cannot be said for Remoting. Those who deployed and manage these systems may well be unaware of the risks that they have introduced to their networks. Moving to an off by default model could protect these environments from this sort of configuration error.

As a side note, it is still interesting to me how Microsoft changed Remoting from off to on by default in Windows Server 2012, with very little fanfare. In 2014 when I presented on Lateral Movement with PowerShell, audiences typically responded with a significant amount of surprise, be they from an administration or security background. In Don’s post, he talks about the fact that we could easily create an off by default environment if we so wanted. I really have to disagree with him, and say that he has missed the point to a degree. Whilst it is true that we could use a customised gold/master image, Group Policy or some other tool to create an environment where Remoting is off by default, it must be highlighted that the inverse, an on by default environment, would be just as simple to create with these tools.

Don also talks about the fact that Remoting is an incredibly controllable, HTTP-based protocol. If you want it on, then turn it on, it isn’t that hard. This introduces the other issue I have with Remoting.
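As an added example (not code from the original post or from Don's), here is a PowerShell audit that reports whether a host is reachable over Remoting, i.e. whether WinRM is running, which ports and WS-Man listeners are bound, and which inbound WinRM firewall rules are open to any remote address, and which can switch Remoting off where it is not explicitly required. It assumes Windows Server 2012 or later (NetSecurity cmdlets available) run from an elevated session; the function name Get-RemotingExposure is my own.

```powershell
# Added example: audit Remoting exposure on the local host; -Disable turns it off.
# Assumes Windows Server 2012+ (NetSecurity module) and an elevated session.
param(
    [switch]$Disable
)

function Get-RemotingExposure {
    # Service state and anything actually listening on the WinRM HTTP/HTTPS ports.
    $svc       = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $running   = [bool]($svc -and $svc.Status -eq 'Running')
    $listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
                 Where-Object { $_.LocalPort -in 5985, 5986 }

    # Configured WS-Man listeners (transport, bound address, port).
    # The WSMan: drive is only readable while the service is running.
    $listeners = @()
    if ($running) {
        $listeners = Get-ChildItem WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
            ForEach-Object {
                $p = @{}
                Get-ChildItem $_.PSPath | ForEach-Object { $p[$_.Name] = $_.Value }
                [pscustomobject]@{ Transport = $p.Transport; Address = $p.Address; Port = $p.Port }
            }
    }

    # Enabled inbound WinRM firewall rules scoped to remote address 'Any' are the
    # ones that make a listener reachable from anywhere, including the Internet.
    $openRules = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' `
                     -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
        Where-Object { (Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $_).RemoteAddress -contains 'Any' }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        WinRMRunning   = $running
        PortsListening = @($listening | Select-Object -ExpandProperty LocalPort -Unique)
        Listeners      = $listeners
        OpenFromAny    = @($openRules | Select-Object -ExpandProperty Name)
    }
}

$report = Get-RemotingExposure
$report | Format-List

if ($Disable -and $report.WinRMRunning) {
    Disable-PSRemoting -Force                      # remove the PowerShell session configurations
    Remove-Item -Path WSMan:\localhost\Listener\Listener_* -Recurse -ErrorAction SilentlyContinue
    Stop-Service -Name WinRM
    Set-Service  -Name WinRM -StartupType Disabled
    Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' | Disable-NetFirewallRule
}
```

Run it without -Disable first across a fleet (for example via your existing management tooling) to see which hosts answer on 5985/5986 with an 'Any' scoped rule; those are the ones the post's brute-forcing concern applies to.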