How to Block RDP Using Symantec Critical System Protection (SCSP) 5.2
|Article:TECH115345|||||Created: 2009-01-28|||||Updated: 2009-01-18|||||Article URL http://www.symantec.com/docs/TECH115345|
Which Policy do I use and how do I configure it?
Can't block RDP
This is in reference to the Policy ... "sym_win_protection_core_sbp v5.2.0 r386".
The global rules in the policy are processed after the"Local" and "Group" rules. RDP (3389), [Remote Desktop Protocol] is handled by the ServiceOptions/Core OS Service Options/Terminal Services (termsrv_ps) options. From here go to Advanced Options/Network Controls/Inbound/Components/inbound hosts list/termsrv inbound address list, (See Illustration Below).
Under the termsrv inbound address list is an "ANY" followed by the Global inbound hosts component.
This "ANY" is allowing the connection from any hosts to be accepted. Please "Remove" the "ANY" hosts component. This will then restrict the connections to only the hosts allowed in the global inbound address list,"component" .
If you need to really lock it down, remove the global incoming hosts list from the terminal services incoming hosts list and add just the addresses that are to be allowed.
Policy: sym_win_protection_core_sbp v5.2.0 r386
Article URL http://www.symantec.com/docs/TECH115345