I've just put my new server up on an IP address with a domain pointing to it. I need to be able to remote admin it. I've opened the firewall for Remote Desktop and HTTP traffic. Is this going to be secure enough? I guess I should probably rename the administrator user...
The absolute minimum you should do is change the Remote Desktop port, change the Admin username, and have a very strong admin password.
Should be sufficient, as long as you use a crazy-complex password for the admin account, and make sure your http server is security-patched and up-to-date.
Also, I hope firewall != Windows Firewall.
Edit: +1 for EHaskin's suggestion of changing RD port, if only to reduce the bruteforce spam that your FW will have to endure, but never think that security == obscurity.
Any chance you can set up your server as a VPN endpoint? Then you would only have the VPN ports and the HTTP ports open. When you want to RDP to the server, you would connect to the VPN first and then you're good to go.
Only reason is, if my memory serves me right, RDP traffic is not encrypted.
This is how I run my IIS server at home, works very well.
Windows Server 2008 supports VPN capabilities. You can configure your remote access policies by using the Network Policy and Access Services. I believe this needs to be installed as a role before you can use it. Also, simply changing the RDP port on your firewall will not prevent an experienced hacker from still getting to your server. A simple port scan would reveal open ports.
Related
I have Linux server with SSH enabled and I want to allow only my mobile phone to access it from anywhere and any network.
I tried to make a Firewall rule to allow specific IP but the thing is my mobile's IP Changes continuously.
So what is the procedure to perform this task?
I tried firewall rule to prevent all IPs.
I tried Fail2ban to ban all IPs that enter wrong password but it
blocks huge number of IPs which will affect system's performance.
It'll be difficult unless you figure out a way to expose an api via https from your sever that can change deny/allow rule when your mobile IP changes. I personally don't know of anything like that... I just use openvpn for my mobile to connect and I ssh to remote systems.
I deployed a testing website on my host and want to access from VM.
I setup a network connection and both are connected to a home group.
I can share files form one to another using share folder.
I assigned IP to my website so that I may be able to access using its IP.
When I brows at local using IP. it run perfect.
But when I brows from VM. It gives me error This site can't be reached.
in your VM environment, you need to check networking configurations and permissions.
could be a lot of things, if you could add a picture it would be easier to tell you. if you can't, see if your connection is bridged or not.
also, a good thing to check is that your router has an open port for your VM and allows another connection inside your subnet.
The problem is solved. I dig out and taken 3 steps. and my issue is solved.
I Turn off my windows firewall on host.
Authentications:
i) In IIS I click on Authentication.
ii) Anonymous Authentications Enabled.
IP Address and Domain Restrictions:
In IIS Click on IP Address and Domain Restrictions and Add IP address of VM or
any PC
from where I want to access.
and now it worked.
I have a free account on Azure through Microsoft Imagine and I make sample windows app; just send name to a database and it works correctly, but the problem is when I set the server firewall and add my IP if my IP changed, my app doesn't work till adding my new IP.
Is there any way to solve this problem.
You can either open up azure to allow ALL IP addresses or pay for an ISP that offers a static IP address.
If you opened up the firewall, then I suggest you add to what your sending a password or something so that the server knows it's you. If it's really important, then also think about encryption of that message.
I work in a very large, bureaucratic organization and I'm trying to pitch a simple (local) web interface to my team. Given extensive firewall and domain security, I am wondering if this is even possible.
My question is: From a network security perspective, what might prevent IIS from allowing connections from other users on my network?
I believe IIS uses port 80 for default traffic, but it isn't listed as "Listening" when I run netstat -a through command prompt. I do have other ports listening but my fear is they are strictly monitored. Our organization also restricts connectivity between users to shared directories, so I'm wondering if that impacts anything like Windows Authentication in IIS.
I have very little network security experience so thank you in advance to anyone who can shed some light on this!
what might prevent IIS from allowing connections from other users on my network?
local firewall (GPO)
more GPOs regarding IIS or services in general
switch ACLs
switch port privacy
firewall rules
If your company has a network service policy you shouldn't try to circumvent it. It might put your job in danger.
I have a major problem and I am at my wit's end. First, I added my IP (like 172.32.1.0/255.255.255.0) to allow access for ssh, whm and cpanel in WHM -> Host Access Control. Then, I added all IP to deny access for them. However, after saved changes, I lost access all of them. Now, If I try to login WHM, I see that:
HTTP error 401
You do not have permission to access this page.
Also, I cannot access SSH. I don't know what to do. Maybe if I restart server, the problem will be solved? Please help me. Thank you.
A few possible options here.
Contact your web host support and ask them to whitelist your IP or turn off HAC - whichever option you prefer.
Go to the nearest WiFi hotspot, connect from there, remove your IP in HAC.
Use VPN to connect to your server.
Ask someone you know and trust to log in and remove your IP (guide him/her via Skype screen sharing if needed).
You will have to contact your server provider to edit /etc/hosts.allow and /etc/hosts.deny file, OR if you have KVM access, then you can edit it through KVM console