I've just put my new server up on an IP address with a domain pointing to it. I need to be able to remote admin it. I've opened the firewall for Remote Desktop and HTTP traffic. Is this going to be secure enough? I guess I should probably rename the administrator user...
4 Solutions
#1
4
The absolute minimum you should do is change the Remote Desktop port, change the Admin username, and have a very strong admin password.
#2
4
Should be sufficient, as long as you use a crazy-complex password for the admin account, and make sure your HTTP server is security-patched and up-to-date.
Also, I hope firewall != Windows Firewall.
Edit: +1 for EHaskin's suggestion of changing RD port, if only to reduce the brute-force spam that your FW will have to endure, but never think that security == obscurity.
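A defender-side illustration of the brute-force noise mentioned in answer #2, added here and not part of the original thread: it counts failed RDP logons (Security event 4625) per source IP within a sliding time window. The CSV layout, the sample rows, the threshold and the function name are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an exported Security log (assumed column layout):
# time, event id, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon.
SAMPLE = """\
2024-01-10T02:00:01,4625,10,administrator,203.0.113.7
2024-01-10T02:00:04,4625,10,admin,203.0.113.7
2024-01-10T02:00:09,4625,10,administrator,203.0.113.7
2024-01-10T02:00:15,4625,3,root,203.0.113.7
2024-01-10T02:00:21,4625,10,administrator,203.0.113.7
2024-01-10T02:00:30,4625,10,admin,203.0.113.7
2024-01-10T08:14:02,4625,10,jsmith,198.51.100.20
2024-01-10T08:14:20,4624,10,jsmith,198.51.100.20
2024-01-10T09:00:00,4625,3,administrator,192.0.2.50
2024-01-10T10:00:00,4625,3,administrator,192.0.2.50
2024-01-10T11:00:00,4625,3,administrator,192.0.2.50
2024-01-10T12:00:00,4625,3,administrator,192.0.2.50
2024-01-10T13:00:00,4625,3,administrator,192.0.2.50
"""

# Logon type 10 = RemoteInteractive (RDP); type 3 = network logon,
# which is how failed RDP logons appear when NLA is enabled.
RDP_LOGON_TYPES = {"3", "10"}

def find_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Map each source IP with >= threshold failed logons inside one
    sliding window to the sorted list of every account it tried."""
    failures = defaultdict(list)
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, event_id, logon_type, account, ip = row
        if event_id == "4625" and logon_type in RDP_LOGON_TYPES:
            failures[ip].append((datetime.fromisoformat(ts), account.lower()))
    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures older than the window
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({acct for _, acct in events})
                break
    return flagged
```

A source that trips the threshold on a publicly reachable RDP port is a candidate for a firewall block; a single user's mistyped password stays below it.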
#3
0
Any chance you can set up your server as a VPN endpoint? Then you would only have the VPN ports and the HTTP ports open. When you want to RDP to the server, you would connect to the VPN first and then you're good to go.
Only reason is, if my memory serves me right, RDP traffic is not encrypted.
This is how I run my IIS server at home, works very well.
#4
0
Windows Server 2008 supports VPN capabilities. You can configure your remote access policies by using the Network Policy and Access Services. I believe this needs to be installed as a role before you can use it. Also, simply changing the RDP port on your firewall will not prevent an experienced hacker from still getting to your server. A simple port scan would reveal open ports.