New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@vish I think this was what I wanted. Simple, free and doing the job. On the rest of my servers I just block every IP beside some of mine.
@joepie91 I do use other ports then 22 on my Linux servers, beside one. And on that server it's thousands of failed login attempts every day, but on my servers with other ports, it's hardly any. So changing port do help in the Linux world.
@joepie91 - each of us approaches things differently and if something helps ME manage my systems BETTER (IMHO) I apply those approaches. I'm not stupid and we all know that changing ports does not buy us MORE security but it helps us manage our systems better (because of the side effects of less logs to manage/maintain/read/save etc.) - so be it.
From my experience, changing the SSH port has reduced the scans hugely and contrary to what you claim, I do NOT see the same number of failed attempts - so in effect, changing ports has had a desired effect (for me) in reducing (successful/established) connections to my machine. This is seconding what @myhken has also mentioned.
All in all, I find that changing ports is a useful tool in my arsenal of security methods/processes and I intend to use it where appropriate. It is beneficial to me. You choose to not use it - that's fine.
Don't deride me for choosing to do something that is adding a layer to the proverbial onion (and please note that I'm NOT removing something else because I'm changing ports). And of course I'm not sitting smug, thinking I've changed ports and that's all that needs to be done.
Only obscurity is bad. Adding obscurity isn't. No one here implied (or expressly stated) that changing ports provides additional security. Don't interpret it that way.
Anyway to each one's own - you have your ways of doing things and others have their ways - we should agree to (respectfully) disagree and go our ways.
Just a quick question in what to seems can be a big discussion... if I change RDC port from 3389(?) to a random. How can I connect to that server from Microsofts RDC client? Use 123.456.789.0:port in the address?
Exactly
Ok buddy you are the one keeping the scales
Some of us or I'm bad at giving security
lets rest this you are the one with no BS
Thankyou for correcting all
I've been using https://github.com/jjxtra/Windows-IP-Ban-Service for the last little bit and it's been working quite nicely.
Windows should stay behind a firewall.
That done, you can forward a different port to 3389 and you can simply setup some rules in the original firewall.
I am close to 0 to Windows security and prefer to keep it well out of reach of the internet.
I do forward random UDP ports for some experiments I do, and I also do RDP on windows and linux servers, always behind a firewall I can control fully.
If you can forward to a VM behind a firewall, you probably have access to that firewall, if you need a Windows machine with access from anywhere, it is best to put it behind a firewall, a VM of sorts, you can even run something INSIDE the windows VM, forward all traffic to it, then filter as you may need. This does not work well in case of small Windows VMs or very big traffic, but most other scenarios should do, I run such a firewall in a 512 MB Windows VM using virtualbox some years ago.
It kinda worked for normal things, even watching youtube and downloading 50-100 mbps of data.
Use 2FA? Link
It's free too.
RDP Defender is a freeware utility, give it a try