Re: Securing management access?
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 18 Feb 2008 07:19:02 -0700
The answer will also depend on just what you mean by
"management access", and on how tightly you can define
what the remote server should allow (to the public, to
ordinary users at your office, to ??).
You can for an example use IPsec to define that the server
will not communicate with any IP on any port. Overlaid
on this you can then state that encrypted traffic will be
allowed from your office management machine IP to the
server's port tcp 3389 (RDP); and, define that, as an
example, tcp 80/443 will be allowed from any IP if the
machine is a webserver, or whatever it is that should be
allowed to happen.
Some would say just turn on the firewall and define the
few needed exceptions, which is a bit less tight of an IP
communications control method.
In either case you may want to pay attention to the default
exceptions, and the specifics of what might be best for
your situation depend greatly on the version of Windows
server and what it is supposed to allow.
"JBJBJB" <JBJBJB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:793DFDED-308E-47E1-9657-2801848E60D8@xxxxxxxxxxxxxxxx
Hello Augusto,
Thanks for replying, I'll explain in a bit more detail.
I would like to manage a server that shall be hosted in a hosting center,
so
I do not have physical access to that server. Now I wonder what
infrastructure I need (firewall? VPN?...) and which settings I should use
in
order to safely manage this server from our office.
I was thinking of some scenario's:
A. Setup a VPN between our office and the server and only allow management
traffic to that server from the VPN
But this might be complex to setup (I won't know exactly how to do this).
B. Just use IP filtering to limit the source for management
This might be too simple and easy to bypass for hackers.
C. Just use Remote Desktop protocol (RDP)
Perhaps RDP traffic is encrypted by nature and using it to manage a remote
server outside our network might be sufficient. But I don't believe so
just
yet, although I can't tell the exact risks of this solution.
I hope this information is sufficient for you to get a picture of what I'm
looking for, I hope you can help me find the best and most secure
solution.
TIA,
Jeroen
"Augusto Alvarez" wrote:
Its not really clear what you need to do on your network. You want to
configure a VPN or do you want to block any access from an external
network
to your server?
--
augusto alvarez | it pro | southworks
http://staff.southworks.net/aalvarez
"JBJBJB" <JBJBJB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:78FC67BB-1245-45B9-A61E-FBC0DE22B418@xxxxxxxxxxxxxxxx
I would very much like to know how I can configure the firewall or
network
settings of a Windows 2003 server in a way that it can only be managed
and
accessed from our office. Could I use IP filtering for it and would it
suffice? Perhaps create a VPN between our office and the servers, but I
can't
find any article on how to set this up properly.
Does anyone have guideline articles on how to configure this? Perhaps
some
links to articles on how to set this up
TIA,
Jeroen
.
- References:
- Re: Securing management access?
- From: Augusto Alvarez
- Re: Securing management access?
- From: JBJBJB
- Re: Securing management access?
- Prev by Date: Re: Securing management access?
- Next by Date: Send Client Certificate
- Previous by thread: Re: Securing management access?
- Next by thread: Send Client Certificate
- Index(es):
Relevant Pages
|
|
