Source |
CSO |
Identifiant |
6104285 |
Date de publication |
2022-08-03 02:00:00 (vue: 2022-08-03 10:05:30) |
Titre |
Tips to prevent RDP and other remote attacks on Microsoft networks |
Texte |
One long-favored way that ransomware enters your system is through Microsoft's Remote Desktop Protocol (RDP) attacks. Years ago when we used Microsoft's Terminal Services (from which RDP evolved) for shared remote access inside or outside of an office, attackers would use a tool called TSGrinder. It would first review a network for Terminal Services traffic on port 3389. Then attackers would use tools to guess the password to gain network access. They would go after administrator accounts first. Even if we changed the administrator account name or moved the Terminal Services protocol to another port, attackers would often sniff the TCP/IP traffic and identify where it was moved to.To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
3389 access account accounts administrator after ago another article attackers attacks called changed click desktop enters even evolved favored first from full gain guess here identify inside long microsoft moved name network networks office often one other outside password please port prevent protocol ransomware rdp read remote review services shared sniff system tcp/ip terminal then through tips tool tools traffic tsgrinder use used way when where which would years your |
Tags |
Ransomware
Tool
|
Stories |
|
Notes |
|
Move |
|