A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network. The access the server using RDP on a port other than the typical registered port for the RDP protocol?
Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
[00:00:01]Successful Login: 015 192.168.1.123 : local
[00:00:03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00:00:04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00:00:07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00:00:08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124
A. Reporting
B. IDS
C. Monitor system logs
D. Hardening
Correct Answer: D
Section: Threats and Vulnerabilities
We can see a number of unsuccessful login attempts using a Remote Desktop Connection (using the RDP protocol) from a computer with the IP address 192.168.1.124.
Someone successfully logged in locally. This is probably an authorized login (for example, Joe logging in).
Hardening is the process of securing a system. We can harden (secure) the system by either disallowing remote desktop connections altogether or by restricting which IPs are allowed to initiate remote desktop connections.
A: Reporting is not used to prevent unauthorized login attempts.
B: An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. An IDS could detect the attempted logins but it would not prevent them. “Hardening” is a basic security principle which should be applied to every system.
C: Monitoring system logs will keep you informed about any potential problems with the computer system. However, it will not prevent unauthorized login attempts.