When systems administrators need to configure a server, they often use standard remote administration protocols such as Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) to perform their administrative tasks. This access should be restricted to just your systems administrators. That is, you should apply access lists that only allow RDP and VNC to servers from administrative users and block these protocols for ordinary users. Why? Because attackers often use this administrative access to compromise servers and steal information from them. By blocking this access from general users (whose PCs are most likely to be compromised), you make it more difficult for attackers to steal your data, and make it easier for you to detect their presence.
Cybersecurity Engineer, Cisco
Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.