Summary
“Here is a list,” Raymond Perez said as he handed me an after-action report. “This is our guidance based on the latest incident.”
It was turned to a page with recommendations on how to better secure Remote Desktop.
I read a few aloud and nodded.
“Change the default port. Restrict access to the port to a small group of users.”
If I could turn back time, I remember thinking, I’d put all this guidance from our managed incident response provider on a to-do list, right alongside properly auditing our Active Directory environment after the SadG0at attack and rewatching Battlestar Galactica for the first time. But I can’t turn back time—it only moves forward, even when it seems to repeat itself.