Tuesday, January 22, 2019

#Ransomware Attack at School Triggers Best Practice Reminders

 
Recently, there was a ransomware incident at a nearby school district. The attackers got in through a Remote Desktop Protocol (RDP) session running on the Technology Coordinator's desktop. His machine had a publicly accessible RDP IP address so he could work from home, etc. Unfortunately, his computer was compromised and subsequently used to attack their servers.

If you are using RDP to get access to your network from outside, I recommend the following:
  1. Kill all RDP sessions accessible from outside your internal network. This may require editing your firewall settings to remove the public IP address(es) mapped to your RDP computers.
  2. Change your password on any accounts used for accessing public RDP. The approach currently in vogue is to use passphrases rather than passwords.
  3. If you must have remote access, set up a VPN to handle that instead of RDP. Several companies offer secure VPN access.
  4. Do NOT put your own login account into the Domain Admins group.
  5. For internal RDP sessions, do *NOT* save the logon credentials. I know it is a pain, but better safe than sorry. :-)
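
To check a Windows machine against the list above, here is an added audit sketch in PowerShell (not part of the original post). It assumes an elevated session, RDP on the default TCP port 3389, and the ActiveDirectory (RSAT) module for the Domain Admins check.

```powershell
# Added example: read-only audit of one machine against the checklist above.
# Assumptions: elevated session, default RDP port 3389, RSAT ActiveDirectory module.

# Items 1 and 3: is RDP enabled here at all?
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)
"RDP enabled on this machine: $rdpEnabled"

# Inbound allow rules that cover TCP 3389 with no restriction on the remote address.
# This only inspects Windows Firewall; a port forward on the perimeter firewall
# must be checked on that device separately.
$openRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        ($port.Protocol -in 'TCP', 'Any') -and
        (($port.LocalPort -contains '3389') -or ($port.LocalPort -contains 'Any')) -and
        ($addr.RemoteAddress -contains 'Any')
    }
if ($openRules) {
    "Rules allowing RDP from any remote address:"
    $openRules | Select-Object DisplayName, Profile | Format-Table -AutoSize
} else {
    "No unrestricted inbound rule for TCP 3389 found."
}

# Items 2 and 4: who is in Domain Admins, and when was each password last set?
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { Get-ADUser -Identity $_.SID -Properties PasswordLastSet } |
        Select-Object SamAccountName, Enabled, PasswordLastSet |
        Format-Table -AutoSize
} else {
    "ActiveDirectory module not installed; skipping the Domain Admins check."
}

# Item 5: RDP credentials saved in Credential Manager for the current user.
# Saved RDP logons appear as targets beginning with TERMSRV/.
$saved = cmdkey /list | Select-String -Pattern 'TERMSRV'
if ($saved) {
    "Saved RDP credentials (remove each with: cmdkey /delete:<target>):"
    $saved | ForEach-Object { $_.Line.Trim() }
} else {
    "No saved RDP credentials for $env:USERNAME."
}
```

The saved-credential check covers only the user running the script, so repeat it under each account that opens internal RDP sessions.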