Re: How Do You Build Firewall Rules to Restrict RPC Traffic?



"Phillip Windell" <@.> wrote in message
news:eXLQrCB1FHA.1264@xxxxxxxxxxxxxxxxxxxxxxx
> But back on the original design issue,...If you have two internal
> interfaces as I described then there is nothing to protect RPC from to
> begin with and this is kind of pointless. Internal Networks (no matter how
> many you have) are not exposed to the Internet, so RPC is never exposed to
> the Internet. The Access Rule between two external segments should allow
> everything in most cases unless there is a specific reason to restrict
> specific things for specific purposes. In other words it is no different
> than if you had a regular LAN Router between the two private segments and
> never even had a connection to the Internet at all.

The worst security risks on most networks are not from the outside coming
in. They are from the inside looking out. You hire a contractor and he
tries to install his software on a domain controller and change security
there outside of group policy. You go to a web site and unintentionally
download an ActiveX control that installs a virus that starts to look
around your network and attacks anything it can find, including your domain
controllers.

You can certainly harden machines, and to some degree you should, but that's
not a cost effective thing to do in most cases. There are endless security
holes and security risks and who can keep up with them all. What I have
found does work however is to isolate machines that perform certain
functions behind their own segments on a firewall and configure the firewall
to restrict access to those machines in a way that suits their use. For
our network, the domain controller will be used to authenticate, perform DNS
lookups, and do group policies and all things associated with SYSVOL.
That's it. I'm not letting anyone inside or out talk to those domain
controllers on any ports other than the ones required for mandatory domain
controller functions.

I'll post the solution to the problem of how to restrict RPC access when/if
I find one.

--
Will




