Recently, the National Cyber Incident Response Center (USOM) reported that remote management protocols such as RDP, SSH, IPMI, VNC, WinRM, SNMP, and WMI are often left insecurely exposed to the internet. This uncontrolled exposure can allow unauthorized individuals to take over systems.
Risky Remote Access Services and Ports
| Service | Description | Port(s) |
|---|---|---|
| RDP | Windows Remote Desktop | TCP 3389 |
| SSH | Secure Terminal | TCP 22 |
| IPMI / iLO / DRAC | Server Hardware Management | UDP 623 / TCP 443 |
| VNC | Remote Desktop Viewing | TCP 5900+ |
| WinRM / WSMan | Windows Remote Management | TCP 5985 / 5986 |
| SNMP | Network Management Protocol | UDP 161 / 162 |
| RPC / WMI | Remote Management Protocols | TCP/UDP 135 + dynamic range |
| RSH | Remote Command Execution (Insecure) | TCP 514 |
Recommended Security Measures
- Disable direct internet access to remote services.
- Restrict access via VPN or specific IP addresses.
- Use strong passwords and multi-factor authentication (2FA/MFA).
- Monitor port traffic with firewalls and logging systems.
- Disable unused services completely.
- Regularly update operating systems and software.
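
One way to check a Linux host against the port list and the measures above, as an added example that is not part of the original advisory: it parses `ss -H -tuln` output and reports listed services bound to a non-loopback address. The sample output is constructed, the function names are illustrative, and treating "5900+" as ports 5900-5909 is an assumption.

```python
import ipaddress

# Ports from the advisory's list: (protocol, port) -> service.
RISKY = {
    ("tcp", 3389): "RDP", ("tcp", 22): "SSH", ("tcp", 514): "RSH",
    ("udp", 623): "IPMI", ("tcp", 443): "IPMI/iLO/DRAC (shared with HTTPS)",
    ("tcp", 5985): "WinRM", ("tcp", 5986): "WinRM",
    ("udp", 161): "SNMP", ("udp", 162): "SNMP",
    ("tcp", 135): "RPC/WMI", ("udp", 135): "RPC/WMI",
}
VNC_PORTS = range(5900, 5910)  # assumption: "5900+" taken as displays :0 to :9

# Constructed sample of `ss -H -tuln` output (not from a real host).
SAMPLE = """\
tcp   LISTEN 0  128       0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0  128     127.0.0.1:5901     0.0.0.0:*
tcp   LISTEN 0  128          [::]:3389        [::]:*
udp   UNCONN 0  0               *:161            *:*
tcp   LISTEN 0  511       0.0.0.0:80       0.0.0.0:*
tcp   LISTEN 0  5    192.168.1.10:5985     0.0.0.0:*
"""

def service_for(proto, port):
    if proto == "tcp" and port in VNC_PORTS:
        return "VNC"
    return RISKY.get((proto, port))

def is_loopback(addr):
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" wildcard or unparsable: treat as exposed

def audit(ss_output):
    """Return (service, proto, address, port) for risky non-loopback listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        service = service_for(fields[0], int(port)) if port.isdigit() else None
        if service and not is_loopback(addr):
            findings.append((service, fields[0], addr, int(port)))
    return findings

if __name__ == "__main__":
    for service, proto, addr, port in audit(SAMPLE):
        print(f"{service:8} {proto}/{port:<5} listening on {addr}")
```

A finding means the service accepts connections from beyond localhost; whether it is reachable from the internet still depends on the firewall and NAT in front of the host.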
Conscious Use is Vital
Cybersecurity is not only about software measures; it requires proper configuration, conscious use, and proactive monitoring. Every user is directly responsible for the security of their systems and services.
Raising public awareness, reducing common vulnerabilities, and protecting our digital assets is a shared responsibility.
For more information or technical support, please contact us.