Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 733 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to prevent default ADMIN account being accessed remotely via either VPN or WAN interface ?

J Thai

Hello everyone,

I want no external entities can access the default admin account remotely either via VPN or WAN. Has this been implemented by default or do I have to change the settings ?

Thank you in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Please use the entires in the administration page.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    beside the default admin account, I have also set up another admin account with MFA activated. By unchecking all the boxes in the WAN & VPN rows, can I still access to that admin account remotely ?

    If not, then how can I do it without granting remote accessibility to the default admin account ?

  • 0 in reply to J Thai

    You should disable WAN everything. Use Central to access Webadmin in a secure manner. 

    Enable MFA for your Admin User. Enable the Password guessing as well. 

    Use a very complex password for "admin" and use SSH Keys for access the SSH internally. 

    __________________________________________________________________________________________________________________

Reply
  • 0 in reply to J Thai

    You should disable WAN everything. Use Central to access Webadmin in a secure manner. 

    Enable MFA for your Admin User. Enable the Password guessing as well. 

    Use a very complex password for "admin" and use SSH Keys for access the SSH internally. 

    __________________________________________________________________________________________________________________

Children
  • 0 in reply to LuCar Toni

    So, I get it that I can not prevent the default admin account from being accessed remotely if I allow the other one to be so, can I ? Thus, the safest way is to enforce MFA input codes for all the accounts including the default admin one ?

    In addition, how do I get the SSH keys if I am using PuTTY to access the XG's terminal ?

  • 0 in reply to J Thai

    You should disable the entire access (reduce the attack surface). Then enable MFA.

    SSH Keys can be generated by tools like puttygen. You find a lot of guides how to do this. 

    __________________________________________________________________________________________________________________

  • 0 in reply to J Thai

    I was skeptical of Sophos Central when LuCar recommended it to me, but I've come to really like it. Simple, central, secure. I would never allow any access from the WAN to any admin account, MFA or not. All it takes is one bug in the admin access (which has happened before) and you're compromised and MFA may not matter.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?