At SpireTech, we’ve noticed an increase in certain types of “Brute Force” attacks on Microsoft Windows operating systems, particularly those allowing Remote Desktop. A ‘brute force’ attack is a repeated automated attempt to gain unauthorized access by guessing at username/password combinations.
What does this mean to our clients? Here are a few key takeaways:
- Obscurity is not security. Using an uncommon port, redirected from a firewall, to a machine inside your network, is not going to prevent your system from being probed by bots and hackers. Instead, use an SSL VPN to add a second layer of security to your network.
- Use truly complex, random, and lengthy passwords. We see lots of passwords that people think are secure, but they really aren’t that great. Also, because your network password is often used for your company email password or Office 365, it opens up yet another vector people can use to try and guess your password. If they’ve got your email, it’s probably very similar to your username, so that means they only need to crack your password. You should never reuse passwords for your office systems for online services, if you have then you should look into changing those passwords.
- Have your network checked for old, unused accounts. Remove accounts for old employees or contractors that aren’t around anymore. A reputable Managed Service Provider should have the tools to perform a scan and prepare a report for you, or have the ability to report on this automatically for you.
People may wonder: why doesn’t the firewall detect this activity? The short answer is because it’s encrypted. With encryption everywhere, and SSL being used for everything, it’s not possible to determine the contents of network traffic passing through the firewall. Some other methods can be employed, like examining “who” you are talking to, eg. the reputation of certain IP addresses – but even that isn’t perfect.
If you’re running RDP/RDS (Remote Desktop) open to the internet, contact us about getting your network secured today.