How to prevent the default ADMIN account from being accessed remotely via either VPN or WAN interface?

Hello everyone,

I want no external entities to be able to access the default admin account remotely, either via VPN or WAN. Has this been implemented by default, or do I have to change the settings?

Thank you in advance.



This thread was automatically locked due to age.
  • So, I get it that I cannot prevent the default admin account from being accessed remotely if I allow the other one to be so, can I? Thus, the safest way is to enforce MFA input codes for all the accounts, including the default admin one?

    In addition, how do I get the SSH keys if I am using PuTTY to access the XG's terminal?

  • You should disable the entire access (reduce the attack surface). Then enable MFA.

    SSH keys can be generated by tools like puttygen. You can find a lot of guides on how to do this.

  • I was skeptical of Sophos Central when LuCar recommended it to me, but I've come to really like it. Simple, central, secure. I would never allow any access from the WAN to any admin account, MFA or not. All it takes is one bug in the admin access (which has happened before) and you're compromised and MFA may not matter.