How to Protect Remote Access (SSH/RDP)

Protecting Remote Access Through the Path Network

 


 

Getting Started

Information technology has long been a major target for bad actors. In its Q4 DDoS Trends article, Cloudflare reports that information technology services were the fourth-largest target industry for the denial-of-service attacks it recorded. Byteania offers a wide range of tools to help protect your servers through the Path Network.

To get started with the Byteania Filter, you must first request credentials through a Billing ticket. An account for this portal is not created automatically when you purchase a service. Once you've received your credentials, you're all set to begin protecting your endpoints.

 

 

Protecting SSH (Secure Shell)

Firewall Rules

By default, SSH binds to port 22/TCP on install. Generally speaking, default software configurations are not designed to be security-focused. Instead, they're designed so that only the minimum runs, limiting the number of issues users experience out of the box. For SSH, we highly recommend changing the port from its default of 22 to something non-standard, for example 2234. This is a great step toward preventing unwanted scans and brute-force attempts.
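
The port change recommended above is made on the server itself, in the OpenSSH server configuration. The shell function below is an added example (not part of the original article or of Byteania's tooling) that rewrites the Port directive and handles commented-out defaults, duplicate Port lines and Match blocks. The function name set_ssh_port and the /etc/ssh/sshd_config path are assumptions for a stock OpenSSH install.

```bash
#!/usr/bin/env bash
# Added example: print an sshd_config with its Port directive moved to NEW_PORT.
# Usage: set_ssh_port CONFIG_FILE NEW_PORT > CANDIDATE_FILE
set_ssh_port() {
    local file="$1" port="$2"
    # Accept only a decimal TCP port in 1..65535 (no signs, no leading zero).
    case "$port" in
        ''|*[!0-9]*|0*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }
    awk -v port="$port" '
        { key = tolower($1) }
        key == "match" { in_match = 1 }
        # Global section: drop active and commented-out Port lines, and put
        # the new directive where the first one stood.
        !in_match && (key == "port" || key == "#port") {
            if (!done) { print "Port " port; done = 1 }
            next
        }
        # Port is not allowed inside a Match block, so if none was seen yet
        # it has to go in before the first Match line.
        in_match && !done { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$file"
}

# On a real host (assumed stock paths; run as root and keep your current
# session open until a login on the new port has succeeded):
#   cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   set_ssh_port /etc/ssh/sshd_config.bak 2234 > /etc/ssh/sshd_config.new
#   sshd -t -f /etc/ssh/sshd_config.new && cp /etc/ssh/sshd_config.new /etc/ssh/sshd_config
#   systemctl reload sshd    # the unit is named "ssh" on Debian and Ubuntu
# With SELinux enforcing, first allow the port:
#   semanage port -a -t ssh_port_t -p tcp 2234
```

Create the firewall allow rule for the new port before reloading sshd, otherwise the next login attempt on that port will be dropped.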

 

If you want SSH to be accessible from anywhere, you need to create the following rule. This will ensure that all traffic on the SSH port passes through with no issues.

 

A more secure alternative is to allow the SSH port only from a specific source address. Below we've outlined two good approaches to IP-based restriction.

  • VPN: Creating/renting your own private VPN, and allowing SSH access only from the VPN IP address. Great for sharing access with multiple people. 
  • HOME IP: Limit SSH access only from your home's IP address. In other words, only you (from your home network) can authenticate/access SSH. 

Where:

12.34.56.78/32 is your VPN or home IP address.

 

Filter Rules

Any port opened to the internet gives bad actors something to target. SSH commonly falls victim to Denial of Service attacks, and the ruleset outlined below can be used to limit the maximum connections per second to your SSH port.

Where:

IP Address: Your machine's IP address (where SSH is bound).

Port: The port SSH is bound to, by default 22. 

Max Packets: The maximum packets you want to allow per second. 

 

 

Protecting RDP (Remote Desktop)

If you're using Windows, the proper method of remote access is through the Remote Desktop Protocol (RDP). By default, RDP binds to port 3389/TCP, but much like the SSH configuration above (for Linux users), the port can be changed to a non-standard one to prevent undesired scans.

 

Firewall Rules

Much like the SSH rule, we need to create a new rule allowing the RDP port (via TCP) from any host IP address. Note that this is not the most secure option.

 

If you want to restrict RDP access to a single authorized host or a set of authorized hosts (e.g., a home IP address, a trusted VPN server, etc.), create the allow rule as follows. Be sure to replace 12.34.56.78/32 with the authorized IP address.

 

Firewall Filters

Any port opened to the internet gives bad actors something to target. RDP commonly falls victim to Denial of Service attacks, and the ruleset outlined below can be used to limit the maximum connections per second to your RDP port.

Where:

IP Address: Your machine's IP address (where RDP is bound).

Port: The port RDP is bound to, by default 3389. 

Max Packets: The maximum packets you want to allow per second. 

 

 

That's a wrap! You've deployed the rules and filters needed to secure your remote access applications (SSH and RDP).

