Just remember if you whitelist by device ID, you can't access the remote device without being in front of it and editing its whitelist first. This can be good way to keep nosey ass family from trying to spy on each other. Then only devices on each others whitelist can connect.
If you want to take whitelist a step forward, you can NOT add your account and manually add the the actual device IDs. If you followed all that, attacker would need your unique super strong account pass, your 2FA token, the device password, AND your windows password to get remote access. As more and more crap is always on the internet, this is just good advice anyway. You can also add a windows password and change setting to always lock your remote pc as well as get in the habit of just locking it anyway. This should make remote connections prompt for device password each time (make these unique too). It should list the device ID and password. One extra step I like to add is disabled "save connection password temporarily", then on each computer click the dropdown on the contacts list by that computer (it will say "this computer") and click the gear. Their Trusted Device and Data Integrity features should do a much more proactive job stopping these breaches.
Personally I expect this to just die down and nothing else come of it. If you want to be double dog sure, you can wait. All evidence points to TV NOT being hacked SO FAR. Unlikely, I'll admit, but things like this DO happen, and someone looking to pull off DNS shenanigans with a host that uses TLS would absolutely be interested in complementing it with one or more of the above.įollow this guide, and assuming they were NOT hacked, you should be safe. Getting a custom root certificate installed on a workstation is possible if users are tricked into it or have a workstation administrator who installed it so a decrypting gateway could work its magic, and the gateway would need to be improperly configured such that the mismatch in the origin's certificate doesn't grind the connection to a halt, instead proceeding to re-roll the certĪ developer of the TV client could've accidentally left in a skip-verification flag on the TLS settings (along the lines of the -insecure switch in cURL, the -no-check-certificate switch in wget, the "TLS_REQCERT never" LDAP configuration, etc.) in some rare code path such that most users have a problem with the client but those using the rare code path don't Getting a trusted certificate for a domain you don't own is extremely rare but has happened
One of the basic TLS features to to verify the end host.
0 kommentar(er)
