CamB

Why Remote Desktop Connection Credentials Stopped Working

I have been able to remote into my Windows box, but for some reason, it is not working today. I can connect to the box, but the login credentials are not working. I have not changed anything...and the only other person with this info is the security installer and his networking guy.


So, I went home and here is what I found out. Someone, somehow got into my server that is only used for Milestone remote access, video storage...and changed the password and also opened another user profile. The only people with access to this server are myself, the security installer, and his network engineer. I have no reason to believe the installer or network engineer would do this without my knowledge, so my assumption is my system was hacked into.

Anyone know best practices to secure a Windows box used exclusively for Milestone? Milestone requires open ports, firewall off, antivirus off...in most cases for remote viewing. I have to believe that I can implement some level of security to prevent my system from being hacked and knowing who logged into my server and when.

Your question is really not a CCTV type of question at all... it's a Windows question and could probably be best handled in a more appropriate forum.

I never open up RDP access over simple port forwarding to Windows boxes. It is an extremely risky thing to do as you must really be vigilant that everything is locked down.

And, you are quick to dismiss that your contractors would not do something like this, but how well are they securing your passwords? The only way the system is secure is if YOU are the only one with those credentials. If anything you can make them some super restricted account for access, or, better yet, use something like TeamViewer if they need to look at the system so that they don't have access to your machine.

Your machine might have had more than another profile created; you could have a ton of malware installed. If you use the same password on any other machines on your home network they could be compromised too, as it would take someone with the right tools about 5 minutes to scan and infect every machine on your home LAN that they could gain access to via the one with open RDP access.

If it's really that important to you to be able to RDP into the machine, you should look into using something like LogMeIn Ignition, which proxies everything through their servers, so that it's more secure (done via HTTPS) than a direct connection as you are doing... or, you can swap out the cheesy router you probably have at the location with something that does SSL VPN and only use the SSL VPN connection for gaining remote access.


A few basics.

Firewall off and anti-virus off are very bad ideas.

Make sure it's fully Windows updated, set it to check for new updates as regularly as you can, and install all service packs.

With the firewall, you need to have it on but with exceptions for the services that Milestone needs.

On the anti-virus, you need to have scan exceptions for the Milestone files (*.PIC and something else I forget). If you have no anti-virus, I recommend Avast; it's free and just works!

You need to make sure you have a router that's just forwarding the ports your server actually needs. If you have the whole PC forwarded (like a DMZ or something), you're just ASKING for your PC to get hacked...

Now lastly, on the PC security...

Step one: right-click on My Computer and go to Manage, then expand out users and computers, then users. Create a new admin account under a new username, give it a 15+ character password (I like sentences), then DISABLE the Administrator login!!!!

Step two: set 15+ character passwords for every other user that has access, and do the same thing for all Milestone users.

Leave NO account open/without a new password.

Then your PC should be in reasonable shape.

Good info. I suggest moving remote access to non-standard ports, and if you have the ability, lock down remote access to certain IPs etc... This could be hard if some of the locations you're logging in from are not behind static IPs.

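The hardening steps suggested in the replies above (firewall on with exceptions, RDP limited to known source IPs, a new admin account with a long passphrase, built-in Administrator disabled), sketched in PowerShell. This is an added example, not code from any poster; it assumes Windows 10 / Server 2016 or later with English rule-group names, and the addresses, ports and account name are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example; every value marked PLACEHOLDER is an assumption, not from the thread.
# Run it at the console: step 3 will cut off an RDP session coming from an unlisted address.
$AllowedSources = '203.0.113.10', '198.51.100.0/24'  # PLACEHOLDER: your static IPs or VPN subnet
$MilestonePorts = 8080, 8081                         # PLACEHOLDER: ports your Milestone install uses
$NewAdminName   = 'camadmin'                         # PLACEHOLDER: hypothetical account name

# 1. Firewall on for every profile; inbound traffic is dropped unless a rule allows it.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# 2. One explicit exception for the video server instead of turning the firewall off.
New-NetFirewallRule -DisplayName 'Milestone remote viewing (example)' -Direction Inbound `
    -Protocol TCP -LocalPort $MilestonePorts -Action Allow | Out-Null

# 3. Keep the built-in Remote Desktop rules, but only for known source addresses.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Enabled True -RemoteAddress $AllowedSources

# 4. New admin account; refuse a passphrase shorter than 15 characters.
$pass   = Read-Host -AsSecureString "Passphrase for $NewAdminName (15+ characters)"
$length = [pscredential]::new('x', $pass).GetNetworkCredential().Password.Length
if ($length -lt 15) { throw 'Passphrase is shorter than 15 characters.' }
New-LocalUser -Name $NewAdminName -Password $pass -Description 'Replacement admin' | Out-Null
Add-LocalGroupMember -Group 'Administrators' -Member $NewAdminName

# 5. Disable the built-in Administrator (its SID always ends in -500, even if renamed).
Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' } | Disable-LocalUser

# 6. Review what is left: any enabled account you do not recognise,
#    or one that does not require a password, needs attention.
Get-LocalUser | Where-Object Enabled |
    Select-Object Name, PasswordRequired, PasswordLastSet, LastLogon |
    Format-Table -AutoSize
```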

Thanks so much for the solid advice, MR2. I will do this today. I think the info you provided will really help other DIY'ers like me that don't do this sort of thing every day.

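For the original question of knowing who logged into the server and when, and for spotting the changed password and extra profile described in the thread, the Windows Security log can be queried directly. This is an added example, not code from any poster; the 14-day look-back window is an assumption, and failed logons only appear from the point failure auditing is enabled.

```powershell
#Requires -RunAsAdministrator
# Added example. The look-back window is an ASSUMPTION; adjust to suit.
$Since = (Get-Date).AddDays(-14)

# Record future logons and account changes, both successes and failures.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null
auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable | Out-Null

# Pull one named field out of a Security event's EventData XML.
function Get-EventField($Record, [string]$Name) {
    ([xml]$Record.ToXml()).Event.EventData.Data |
        Where-Object { $_.Name -eq $Name } | ForEach-Object { $_.'#text' }
}

$What = @{
    4624 = 'Logon succeeded'
    4625 = 'Logon failed'
    4720 = 'Account created'
    4724 = 'Password reset attempted'
}

$Filter = @{ LogName = 'Security'; Id = 4624, 4625, 4720, 4724; StartTime = $Since }
$Report = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $type = Get-EventField $_ 'LogonType'
        # Logon events: keep RDP sessions (type 10) and network logons (type 3),
        # since RDP attempts rejected during network-level authentication log as 3.
        if (($_.Id -in 4624, 4625) -and ($type -notin '3', '10')) { return }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Event     = $What[$_.Id]
            Account   = Get-EventField $_ 'TargetUserName'
            By        = Get-EventField $_ 'SubjectUserName'
            Source    = Get-EventField $_ 'IpAddress'
            LogonType = $type
        }
    }

# Timeline of who got in, from where, and what accounts were touched.
$Report | Sort-Object Time | Format-Table -AutoSize

# Source addresses with the most failed logons (password guessing shows up here).
$Report | Where-Object Event -eq 'Logon failed' | Group-Object Source |
    Sort-Object Count -Descending | Select-Object -First 10 Count, Name
```

An "Account created" or "Password reset attempted" row whose `By` column is not you, close in time to a successful logon from an unfamiliar `Source`, is the pattern the thread describes.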
