Re: Win2k3 Web Edition, where is the protection?

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 01/31/04


Date: Sat, 31 Jan 2004 14:15:14 -0500

Hmm - you know that RDP is encrypted -- RC4 128-bit between XP Pro and 2k3, by default.
Not that adding IPSec isn't a bad idea, but encryption is already there.

"RoChess" <anonymous@discussions.microsoft.com> wrote in message
news:7212BC83-B002-4E56-8B27-655654CF490E@microsoft.com...
> I have a feeling that IPSec isn't the solution. What question were you
> originally asking that you want to answer with IPSec? Are you trying to
> find a secure way to do remote administration?
>
> Yeah, trying to secure RDP via encryption. I've already put it on a custom
> port and the firewall is only allowing access to that custom port based on
> the IP range I selected, so it's pretty protected, I just wanna cover the
> hops in between against sniffers.
>
> You can ignore the rest of this. Some strange compulsion made me respond
> with the rest of this even though I'm 99% sure that it's a wild goose
> chase.
>
> Sometimes a chase opens new thoughts, that's what I like about these
> threads we are having.
>
> Just trying to make the server as secure as I know how.
>
> - SSL Webmail will be used for mail access over the web.
> - Serv-U FTP Server is enforcing usage of SSL/TLS encryption.
> - TinySoft Firewall to filter RDP on my IP range and secure the box.
> - Disabled FP/WebDav/etc to limit IIS exposure.
> - Disabled as many services as possible.
>
> The only things that are not as secure as I'd like them to be are
> POP3/SMTP, am awaiting update on MailEnable to support SSL. I might switch
> back to the simple POP3 service that comes with Win2k3, because at least
> it supports APOP (unless you can think of a GPL/Free solution that
> supports either SSL and/or APOP).
>
> And on my todo list is finding a way to do automatic integration of PGP
> into the mail system. That and testing out how to make EFS to work with
> the IUSR_*, like we talked about in another thread.
>
> And if you can think of anything that might further help secure the box,
> I'm open to any suggestion.
>
> 100% secure will never be possible, but I wanna get as close to it as
> possible.
>
> Ron


