July 2014
Annual Notebook Ownership Programme for Students, Staff and Alumni – Apple, HP and Lenovo Notebooks at Discounted Prices
Act Now or You will be the Next Victim of Cyber-attack
Consultation on PolyU’s Baseline Information Security Policy
Free Training on SUSE Certified Linux Administrator for Students
IT Orientation Workshops for Newcomers
August Staff IT Training Workshops
Act Now or You will be the Next Victim of Cyber-attack
Can you imagine what would happen if the back door of your house were left unlocked while you were on holiday in Thailand? You would come home to an empty house. An unlocked back door is much like an unprotected Remote Desktop service on your systems.

The Remote Desktop Service of Windows is commonly used for remote user access to Windows servers and workstations. Kaspersky, a well-known anti-virus vendor, reported that a massive brute force attack against the Remote Desktop Protocol (RDP) on Windows systems has been under way since early June 2014, with tens of thousands of victims reported each day since 3 June.

What is an RDP brute force attack?

A brute force RDP attack scans IP ranges and TCP port ranges (the default RDP port being 3389) for servers and workstations with the Remote Desktop Service enabled. Once an attacker finds an RDP server, he/she will attempt to log on, particularly as an Administrator. If the attacker obtains a valid username and password pair for RDP, he/she effectively owns the system on which the RDP server is running.

The attacker can then plant malicious software on the affected system to exfiltrate data. He/she can also gain access to your organisation's internal network, given that the 'penetrated' workstation is connected to it, or harvest all the passwords saved in the browser installed on the affected system. The opportunities are many, and the consequences can be dire.
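The attack described above leaves a very recognisable trace in the Windows Security log: a burst of failed logons (Event ID 4625) with Logon Type 10 (RemoteInteractive, i.e. Remote Desktop) from one source address, often cycling through account names such as 'Administrator'. The following PowerShell is an added example, not code from the article or from the University's IT services, that flags such bursts and, worse, a successful RDP logon (Event ID 4624) from the same source after the burst. The event objects, the threshold of 10 failures in 5 minutes and the addresses are constructed for the example; on a real host the same fields would be taken from `Get-WinEvent` output as noted in the comments.

```powershell
# Added example (not from the article): flag RDP brute-force activity from Windows
# Security log events. Event ID 4625 = failed logon, 4624 = successful logon;
# Logon Type 10 = RemoteInteractive, i.e. a Remote Desktop session.
# The event objects below are constructed; on a real host they would be read with
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625,4624}
# and the same five fields taken from each event's Properties collection.

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)] [object[]] $Events,  # objects with Time, Id, LogonType, User, SourceIp
        [int] $Threshold     = 10,                   # failures from one source before alerting
        [int] $WindowMinutes = 5                     # ...within this many minutes
    )

    $alerts = @()
    $rdp = @($Events | Where-Object { $_.LogonType -eq 10 } | Sort-Object Time)

    foreach ($group in ($rdp | Group-Object SourceIp)) {
        $fails     = @($group.Group | Where-Object { $_.Id -eq 4625 })
        $successes = @($group.Group | Where-Object { $_.Id -eq 4624 })

        # Sliding window: from each failure, count the failures that follow within the window.
        for ($i = 0; $i -lt $fails.Count; $i++) {
            $start = $fails[$i].Time
            $end   = $start.AddMinutes($WindowMinutes)
            $burst = @($fails | Where-Object { $_.Time -ge $start -and $_.Time -le $end })
            if ($burst.Count -lt $Threshold) { continue }

            # A successful RDP logon from the same source after the burst began is the
            # worst case: one of the guesses may have worked.
            $successAfter = @($successes | Where-Object { $_.Time -ge $start }).Count -gt 0

            $alerts += [pscustomobject]@{
                SourceIp     = $group.Name
                Failures     = $burst.Count
                WindowStart  = $start
                UsersTried   = (($burst | ForEach-Object { $_.User } | Sort-Object -Unique) -join ', ')
                SuccessAfter = $successAfter
            }
            break   # one alert per source is enough for triage
        }
    }
    return $alerts
}

# --- Constructed sample (not real log data) -----------------------------------
$t0 = Get-Date '2014-06-03 02:00:00'
$sample = @()
# 12 failed RDP logons in one minute from one address, cycling through likely names
foreach ($n in 1..12) {
    $sample += [pscustomobject]@{
        Time = $t0.AddSeconds(5 * $n); Id = 4625; LogonType = 10
        User = @('Administrator', 'admin', 'root')[$n % 3]; SourceIp = '198.51.100.7'
    }
}
# ...followed by a successful logon from the same address
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(2); Id = 4624; LogonType = 10; User = 'Administrator'; SourceIp = '198.51.100.7' }
# A legitimate user mistyping once and then logging in must not trigger an alert
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(1); Id = 4625; LogonType = 10; User = 'staff01'; SourceIp = '192.0.2.25' }
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(1).AddSeconds(20); Id = 4624; LogonType = 10; User = 'staff01'; SourceIp = '192.0.2.25' }

Find-RdpBruteForce -Events $sample | Format-Table -AutoSize
```

Run against the sample, the function reports the single source that made 12 failures and then logged on, and stays silent about the one mistyped password. A source whose SuccessAfter column is True warrants incident handling (isolate the host, reset the account), not just a firewall block.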

RDP Internet access replaced by SSL VPN

To provide a secure way for users to access their on-campus systems remotely from the Internet, an SSL VPN (Secure Sockets Layer Virtual Private Network) service is now available to users who had previously applied for remote access from the Internet through RDP.

How to protect yourself?

The following are some best practices you should employ against the massive attack:

Use strong and complex passwords for your accounts, especially those with administrator access to your systems and workstations.

Consider disabling the ‘Administrator’ account of your Windows systems and using a different account name for that access.

Check all the systems under your purview and shut down legacy systems which are no longer required.

Disable the Remote Desktop Service on your workstation if it is not required. If you do require the Remote Desktop Service for remote control of systems within the campus network, please change the Remote Desktop Service port from the default 3389.

Ensure the latest Windows security patches are applied to your systems by turning on the 'Auto-Update' function.

Ensure 'Windows Firewall' is enabled on the workstations.

Ensure the 'Account Lockout' function is enabled on the workstations.

Ensure that anti-virus software is installed on the workstations and servers and the virus signature is up-to-date. Perform a full scan of the workstations regularly.

Disable LM Hash storage to prevent Windows from storing a LAN Manager hash of the password in Active Directory and the local SAM (Security Accounts Manager) database.

Power off your workstations when not in use.

Click here for the detailed procedures of security hardening on workstations to combat RDP brute force attacks.
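For administrators who prefer to apply the checklist from a script, the following PowerShell is an added example; it is not the article's own procedure nor the University's hardening document, and it covers only the items that can be set from the command line (password strength, legacy-system review, anti-virus and powering off remain manual). The non-default RDP port 33890 and the campus address range 10.0.0.0/8 are placeholders to be replaced with your own values. It must be run from an elevated PowerShell prompt on the workstation itself.

```powershell
#Requires -RunAsAdministrator
# Added example (not the article's or the University's own script): apply the
# RDP hardening checklist to one Windows workstation.
# Placeholders (assumptions): $NewRdpPort and $CampusRange must be set for your site.

param(
    [switch] $KeepRdp,                     # set this if RDP is still needed inside campus
    [int]    $NewRdpPort  = 33890,         # placeholder: any free non-default port
    [string] $CampusRange = '10.0.0.0/8'   # placeholder: your campus network range
)

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

if ($KeepRdp) {
    # Move Remote Desktop off TCP/3389 so scans of the default port miss it, and
    # allow the new port only from the campus range.
    Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber -Value $NewRdpPort -Type DWord
    netsh advfirewall firewall add rule name="Remote Desktop (custom port, campus only)" `
        dir=in action=allow protocol=TCP "localport=$NewRdpPort" "remoteip=$CampusRange"
    Restart-Service TermService -Force      # the new port takes effect on restart
} else {
    # RDP not required: refuse all Remote Desktop connections.
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1 -Type DWord
}

# Windows Firewall on for every profile (domain, private, public).
netsh advfirewall set allprofiles state on

# Account lockout: 5 bad passwords lock the account for 30 minutes, which turns a
# run of thousands of guesses per hour into a handful.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# Stop Windows storing the weak LAN Manager hash. Hashes already on disk stay
# until each account's password is next changed, so follow this with a password change.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name NoLMHash -Value 1 -Type DWord

# Replace the well-known 'Administrator' name: create a differently named local
# administrator (password entered at the prompt, never stored in the script),
# then disable the built-in account. Record the new credentials first.
$cred = Get-Credential -Message 'New local administrator account to create'
net user $cred.UserName ($cred.GetNetworkCredential().Password) /add
net localgroup Administrators $cred.UserName /add
net user Administrator /active:no

# Automatic Windows Update: AUOptions 4 = download and install on schedule.
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' `
    -Name AUOptions -Value 4 -Type DWord
```

Two cautions on running it: test the new administrator account logs on before disabling the built-in one, and if you use -KeepRdp, connect afterwards with the host:port form (for example HOSTNAME:33890) and confirm the firewall rule admits only campus addresses.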

Joseph Lam
Manager (Information Security)

Consultation on PolyU's Baseline Information Security Policy

We want to hear from you…

Similar to most universities, the activities of PolyU are heavily associated with generating, manipulating and sharing information for teaching, learning, administrative and research functions. In this connection, the University has been working on strengthening its Information Security Policy Framework.

Baseline Information Security Policy

In view of the advancement of technology and the development of international / industry practices in information security management, a Baseline Information Security Policy document has been drawn up to establish the minimum information security requirements that shall be observed and followed by all those with access to the University information systems, including staff members, students, visitors and third party suppliers. These security requirements apply to any information systems attached to the University campus network and any information systems supplied by the University.

The Baseline document has been aligned with those of other academic institutions, government agencies and the International Organization for Standardization. It will supersede the existing 'Computer Systems Security Policy' and the 'Departmental IT Security Guidelines', which were originally published over ten years ago.

Public Consultation

The Baseline Information Security Policy is now released for public consultation within the University community. You are invited to provide your views on the proposed Baseline Information Security Policy. Please forward your views and comments by email to its.security@polyu.edu.hk on or before 10 October 2014.

Joseph Lam
Manager (Information Security)