transfer data (securely) within an protected network via RPC/SSL/...?

M

Mario Beutler

Hello,
Our software should transfer data between clients in a LAN.

How to transfer data (securely) within an firewall protected office
network?
The admin doesn't need to change firewall or any other settings, if
possible.

Which protocol/service prefered by admins?
- RPC (but W32 Blaster Worm uses vulnerability in RPC)
- Named Pipe (but not available if file and printer sharing is
disabled)
- TCP/IP (but in general admin have to open ports firewall manually)
- SNMP
- SSL
- SSH

Any help is highly apperciated.

Mario
 
P

Phillip Windell

You need to explain what you consider "insecure" is an how you would determine
that it is insecure. Being secure is relative and defined by what you are
trying to be secure "from".

The fact that Blaster used RPC doesn't have any bearing at all as to if traffic
content is "secure" running over RPC. Blaster did not attack the content of the
traffic,..it attacked the machine listening on RPC.

If this is nothing but web traffic from a webserver,..just run the site on SSL
and forget it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of my
employer or anyone else associated with me.
 
M

Mario Beutler

Hello Phillip,

perhaps my question was not exact.
Which protocol/service prefered by admins to tranfered data by my
program between client and server?

Mario

You need to explain what you consider "insecure" is an how you would determine
that it is insecure. Being secure is relative and defined by what you are
trying to be secure "from".

The fact that Blaster used RPC doesn't have any bearing at all as to if traffic
content is "secure" running over RPC. Blaster did not attack the content of the
traffic,..it attacked the machine listening on RPC.

If this is nothing but web traffic from a webserver,..just run the site on SSL
and forget it.

--
Phillip Windell [MCP, MVP, CCNA]www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of my
employer or anyone else associated with me.
-----------------------------------------------------


Hello,
Our software should transfer data between clients in a LAN.
Click to expand...
How to transfer data (securely) within an firewall protected office
network?
The admin doesn't need to change firewall or any other settings, if
possible.
Click to expand...
Which protocol/service prefered by admins?
- RPC (but W32 Blaster Worm uses vulnerability in RPC)
- Named Pipe (but not available if file and printer sharing is
disabled)
- TCP/IP (but in general admin have to open ports firewall manually)
- SNMP
- SSL
- SSH
Click to expand...
Any help is highly apperciated.
Click to expand...
Mario
Click to expand...
Click to expand...
 
T

Tim Judd

Mario said:
Hello Phillip,

perhaps my question was not exact.
Which protocol/service prefered by admins to tranfered data by my
program between client and server?

Mario

You need to explain what you consider "insecure" is an how you would determine
that it is insecure. Being secure is relative and defined by what you are
trying to be secure "from".

The fact that Blaster used RPC doesn't have any bearing at all as to if traffic
content is "secure" running over RPC. Blaster did not attack the content of the
traffic,..it attacked the machine listening on RPC.

If this is nothing but web traffic from a webserver,..just run the site on SSL
and forget it.

--
Phillip Windell [MCP, MVP, CCNA]www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of my
employer or anyone else associated with me.
-----------------------------------------------------


Hello,
Our software should transfer data between clients in a LAN.
How to transfer data (securely) within an firewall protected office
network?
The admin doesn't need to change firewall or any other settings, if
possible.
Which protocol/service prefered by admins?
- RPC (but W32 Blaster Worm uses vulnerability in RPC)
- Named Pipe (but not available if file and printer sharing is
disabled)
- TCP/IP (but in general admin have to open ports firewall manually)
- SNMP
- SSL
- SSH
Any help is highly apperciated.
Mario
Click to expand...
Click to expand...
Click to expand...

A VPN connection established between the two machines should encrypt
data in transit. Maybe using certificates in the VPN with a high
encryption would be what you want.

Even thought the VPN connection is contained solely within the LAN, it
can still be done (I've done it). Assigning a unique CIDR to that VPN
connection should help keep it off the unsecured LAN CIDR.

Good Luck.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Expose firewall protected web apps and web services to the INTERNET securely and cost-effectively 0
RPC over HTTP Failing 1
Information about the W32.Blaster.worm 1
Can only boot WIN2kpro in Safe Mode 1
Worm information 2
Updated W32.Blaster.worm Alert 1
PSS Critical Security Alert - New Worm: Nachi, Blaster-D, Welschia 7
Brief summary: Windows Server 2003/XP Resource Kit Tools 1

Top