14.4. Remote Login

Users should never need remote access to their machines from outside the network. In addition, it is very doubtful that users would need remote access to their machines from within the network.

To that end, all remote access software should be disabled on workstations; this includes products like PCAnywhere, VNC, SSH, and Terminal Server. Understand that this does not mean these software packages should not be installed on corporate workstations; there are very valid business reasons for using most of them. Instead, these products should not be used to allow remote access into the workstation—even from within the network.
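One way to audit that distinction between installed and accepting inbound connections, as an added example that is not from the book: the script below parses Windows `netstat -an` output and reports only remote access services listening on a non-loopback address. The port numbers are the products' well-known defaults, and the sample output and function names are constructed for illustration.

```python
import ipaddress

# Default TCP listener ports for the products the section names. These are
# well-known defaults (an assumption): a service moved to a custom port is missed.
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "Terminal Server (RDP)", 5631: "PCAnywhere"}
REMOTE_ACCESS_PORTS.update({p: "VNC" for p in range(5900, 5910)})

# Constructed sample of `netstat -an` output from a workstation.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.0.2.15:5631        0.0.0.0:0              LISTENING
  TCP    192.0.2.15:49712       198.51.100.7:22        ESTABLISHED
  TCP    [::]:22                [::]:0                 LISTENING
  UDP    0.0.0.0:5632           *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def find_remote_access_listeners(netstat_text):
    """Return (service, address, port) for each inbound remote access listener."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP sockets in LISTENING state accept inbound sessions; an
        # ESTABLISHED outbound client connection (e.g. to port 22) is permitted use.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, port = split_endpoint(fields[1])
        if port not in REMOTE_ACCESS_PORTS:
            continue
        # A loopback-only listener cannot be reached from the network.
        if ipaddress.ip_address(host).is_loopback:
            continue
        findings.append((REMOTE_ACCESS_PORTS[port], host, port))
    return findings

if __name__ == "__main__":
    for service, host, port in find_remote_access_listeners(SAMPLE_NETSTAT):
        print(f"{service} is accepting connections on {host}:{port}")
```
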

Firewall rules will stop remote users from trying to access workstations but that does not stop them from using ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
