Re: transfer data (securely) within a protected network via RPC/SSL/...?



Mario Beutler wrote:
Hello Phillip,

Perhaps my question was not exact.
Which protocol/service is preferred by admins for transferring data by my
program between client and server?

Mario

On Jan 26, 5:36 pm, "Phillip Windell" <@.> wrote:
You need to explain what you consider "insecure" is and how you would determine
that it is insecure. Being secure is relative and defined by what you are
trying to be secure "from".

The fact that Blaster used RPC doesn't have any bearing at all as to if traffic
content is "secure" running over RPC. Blaster did not attack the content of the
traffic,..it attacked the machine listening on RPC.

If this is nothing but web traffic from a webserver,..just run the site on SSL
and forget it.

--
Phillip Windell [MCP, MVP, CCNA] www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of my
employer or anyone else associated with me.
-----------------------------------------------------

"Mario Beutler" <mario.beut...@xxxxxxxxxx> wrote in message

news:1169824463.767430.109920@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hello,
Our software should transfer data between clients in a LAN.
How to transfer data (securely) within a firewall-protected office
network?
The admin shouldn't need to change firewall or any other settings, if
possible.
Which protocol/service is preferred by admins?
- RPC (but W32 Blaster Worm uses vulnerability in RPC)
- Named Pipe (but not available if file and printer sharing is
disabled)
- TCP/IP (but in general admins have to open firewall ports manually)
- SNMP
- SSL
- SSH
Any help is highly appreciated.
Mario



A VPN connection established between the two machines should encrypt data in transit. Maybe using certificates in the VPN with high encryption would be what you want.

Even though the VPN connection is contained solely within the LAN, it can still be done (I've done it). Assigning a unique CIDR to that VPN connection should help keep it off the unsecured LAN CIDR.

Good Luck.


