Jump to content
RESET Forums (homeservershow.com)

WHS Security


katardrax
 Share

Recommended Posts

Hi all!!
Been listening to the podcast since #1 and I am finally getting around to get in to the forums.

So why is WHS security never talked about? Is the environment that secure that it isn't an issue (kinda don't think so)? Really, you are opening ports on your network and allowing connections in, this is never good! I am a security professional by trade and I would love to hear some comments or a show on the subject. I have been trying to get Steve Gibson (GRC.com / TWIT Security Now) to make some comments as well.

Link to comment
Share on other sites

  • Replies 31
  • Created
  • Last Reply

Top Posters In This Topic

  • usacomp2k3

    3

  • dvn

    10

  • Removed

    9

  • katardrax

    3

You're right, that is something that isn't talked about much. I think most of us are content with not thinking about it :P

Link to comment
Share on other sites

I guess that security is covered by the https login page and a complex password. But not necessarily one of those Steve Gibson 63/64 character Perfect Passwords conglomerations. But if this is not considered secure enough, I might take an old beige box and load the free version Astaro on it. Heck, I think I might do that anyways, just to have a look.

Link to comment
Share on other sites

This reminds me of something I heard a long time ago, so I'm not sure of the details.

I heard that Microsoft offers some kind of protection when you go through the Remote Access page.

Link to comment
Share on other sites

My Servers at home are behind an ISA2006 server but it is over kill for home and I am going to drop back to something like a sonicwall or maybe just a linksys router. WHS is SBS2003 Core so I would say it is as secure as opening ports for an SBS server, which is done all the time, a few are behind enterprise firewalls but most small business will not spend $300 on a firewall much less something like ISA.

I deal with a lot of servers on different networks and most do port forwarding for email,webmail, Remote Access and the biggest issue they have is SPAM, not security issues. I see a few attempts to hack passwords thru webmail sites like exchange/owa but decent passwords and lockout policies really make this ineffective. Granted WHS does not have AD and I have not looked at WHS enough to consider lockout policies for brute force attacks on accounts yet, but as a guy who goes thru the logs of 20+ servers a month that are opening ports to the internet, I do not see this as much of an issue.

If you want to be more secure but have ports open to the internet for remote access and internal website then I would change the default ports to something non-standard. Not sure how WHS plays with being on other ports. Another trick for IIS sites is using host headers to keep people scanning by IP from accessing the site.

Just my 2 cents.

Link to comment
Share on other sites

It negates some of the benefits of WHS, but I don't have mine set of remote access with the thought that is more secure.

Link to comment
Share on other sites

@miket.mcse - If it's not too much problem, could you please explain:

Another trick for IIS sites is using host headers to keep people scanning by IP from accessing the site.

Link to comment
Share on other sites

@dvn - A lot of attacks are generated by scanning IP's looking for open ports like port 80 and 443, then trying brute force attacks with common usernames. IIS is the webserver in Windows. You can configure IIS to with Host Headers which means you have to enter the host header address like http://myserver.mydomain.com or the webserver does not respond to the request. So in essence when someone try's to hit your website using http://xxx.xxx.xxx.xxx (xxx is the ip address) the request is ignored.

I am not saying this will keep out sofisticated hackers, but it reduces the number of attack generated by simple port scanning and brute force attacks that are automated. Got to get to bed, let me know if you want to know more about host headers. they are easy to configure.

Link to comment
Share on other sites

Thanks. That's interesting, but I guess I'm a little confused.

I understand that DNS takes a readable address like

www.google.com

and sends back the corresponding numeric IP. I also know that port scanners just use IP addresses, typically in sequential order within a defined range.

So I guess I'm wondering how WHS IIS would know whether I got the IP address from DNS or I'm just using a port scanner. I guess I thought that DNS sends the corresponding IP address back to my computer and from there my browser sends off the query. So either way, the initial contact, as far as the remote server is concerned, originates from my computer/home IP. No?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...