In order to do this I decided to employ a few well-known tricks of the trade:
- Change the name of the local administrator account - this can easily be done and should ideally be set to something difficult to guess, and of course the password for the account should be complex.
- Set the port used for RDP to something other than the default - whichever port number you choose, you must of course make sure that it's not already in use by another process, and also remember to alter any port forwarding rules on your router (see http://support.microsoft.com/kb/306759 for details).
- Lock down the source IP address using an IPsec policy - this trick is less well known and is a little bit difficult to get right, but once in place it is a great safeguard against any attackers, as they would need to be able to spoof your IP address in order to gain access to your system, not something easily done (see http://www.securityfocus.com/infocus/1559 for details).
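The three steps above, sketched in PowerShell as an added example (not part of the original post). The account name, port number and source address are constructed placeholders, and step 3 uses a Windows Firewall rule scoped by remote address in place of the IPsec policy the post describes.

```powershell
#Requires -RunAsAdministrator
# Added example. All three values below are constructed placeholders.
$NewAdminName  = 'placeholder-admin'   # hypothetical replacement account name
$NewRdpPort    = 45000                 # hypothetical non-default RDP port
$AllowedSource = '203.0.113.10'        # documentation-range address standing in for your own

# 1. Rename the built-in administrator. Find it by its well-known RID (500)
#    so the script still works if the account was renamed before.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($admin.Name -ne $NewAdminName) {
    Rename-LocalUser -SID $admin.SID -NewName $NewAdminName
}

# 2. Refuse to move RDP onto a port that something is already listening on.
$listener = Get-NetTCPConnection -State Listen -LocalPort $NewRdpPort -ErrorAction SilentlyContinue
if ($listener) {
    throw "Port $NewRdpPort is already in use by PID $($listener[0].OwningProcess)"
}
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewRdpPort -Type DWord

# 3. Allow the new port only from the known source address.
#    (Firewall rule used here as a stand-in for an IPsec policy.)
$ruleName = 'RDP from known address only'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $NewRdpPort -RemoteAddress $AllowedSource -Action Allow | Out-Null
}

# Read the settings back so the result can be checked before relying on it.
[pscustomobject]@{
    AdminAccountName = (Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }).Name
    RdpPort          = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    AllowedSource    = (Get-NetFirewallRule -DisplayName $ruleName |
                        Get-NetFirewallAddressFilter).RemoteAddress
}
```

The new port only takes effect once Remote Desktop Services restarts or the machine reboots, so keep console access available until a connection from the allowed address has been confirmed.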
That's it for now.