Posted by Roger Abell [MVP] on February 18, 2008, 9:19 am
The answer will also depend on just what you mean by
"management access", and on how tightly you can define
what the remote server should allow (to the public, to
ordinary users at your office, to ??).

You can, for example, use IPsec to define that the server
will not communicate with any IP on any port. Overlaid
on this you can then state that encrypted traffic will be
allowed from your office management machine IP to the
server's port tcp 3389 (RDP); and, define that, as an
example, tcp 80/443 will be allowed from any IP if the
machine is a webserver, or whatever it is that should be
allowed to happen.

Some would say just turn on the firewall and define the
few needed exceptions, which is a bit less tight of an IP
communications control method.

In either case you may want to pay attention to the default
exceptions, and the specifics of what might be best for
your situation depend greatly on the version of Windows
server and what it is supposed to allow.
> Hello Augusto,
>
> Thanks for replying, I'll explain in a bit more detail.
> I would like to manage a server that shall be hosted in a hosting center, so
> I do not have physical access to that server. Now I wonder what
> infrastructure I need (firewall? VPN?...) and which settings I should use in
> order to safely manage this server from our office.
>
> I was thinking of some scenarios:
> A. Set up a VPN between our office and the server and only allow management
> traffic to that server from the VPN
> But this might be complex to set up (I won't know exactly how to do this).
>
> B. Just use IP filtering to limit the source for management
> This might be too simple and easy to bypass for hackers.
>
> C. Just use Remote Desktop protocol (RDP)
> Perhaps RDP traffic is encrypted by nature and using it to manage a remote
> server outside our network might be sufficient. But I don't believe so just
> yet, although I can't tell the exact risks of this solution.
>
> I hope this information is sufficient for you to get a picture of what I'm
> looking for, I hope you can help me find the best and most secure
> solution.
>
> TIA,
> Jeroen
> "Augusto Alvarez" wrote:
>
>> It's not really clear what you need to do on your network. You want to
>> configure a VPN or do you want to block any access from an external network
>> to your server?
>>
>>
>> --
>> augusto alvarez | it pro | southworks
>> http://staff.southworks.net/aalvarez
>>
>> > I would very much like to know how I can configure the firewall or network
>> > settings of a Windows 2003 server in a way that it can only be managed and
>> > accessed from our office. Could I use IP filtering for it and would it
>> > suffice? Perhaps create a VPN between our office and the servers, but I can't
>> > find any article on how to set this up properly.
>> >
>> > Does anyone have guideline articles on how to configure this? Perhaps some
>> > links to articles on how to set this up
>> >
>> > TIA,
>> > Jeroen
>>
>>
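
The layered IPsec policy described in the post above (block everything, then overlay an encrypted RDP rule for one management IP and open 80/443 to anyone), written as an added example with `netsh ipsec static` on Windows Server 2003; it is not part of the original thread. The policy, filter list and rule names, the address 203.0.113.10 and the pre-shared key are constructed placeholders, and pre-shared-key authentication is an assumption chosen for brevity.

```batch
@echo off
rem Added example. All names, the IP address and the key are placeholders.
set POLICY=Hosted Server Lockdown
set MGMT_IP=203.0.113.10

rem --- Filter lists: what traffic each rule matches ("me" = this server) ---
netsh ipsec static add filterlist name="All IP traffic"
netsh ipsec static add filter filterlist="All IP traffic" srcaddr=any dstaddr=me protocol=ANY mirrored=yes

netsh ipsec static add filterlist name="RDP from office"
netsh ipsec static add filter filterlist="RDP from office" srcaddr=%MGMT_IP% dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes

netsh ipsec static add filterlist name="Public web"
netsh ipsec static add filter filterlist="Public web" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="Public web" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=443 mirrored=yes

rem --- Filter actions: what to do with matched traffic ---
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit
rem inpass=no and soft=no refuse any fallback to unprotected traffic.
netsh ipsec static add filteraction name="Require ESP" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem --- Policy and rules. The most specific matching filter wins, so the
rem     port-specific rules override the catch-all block rule. ---
netsh ipsec static add policy name="%POLICY%" assign=no
netsh ipsec static add rule name="Block everything" policy="%POLICY%" filterlist="All IP traffic" filteraction="Block"
netsh ipsec static add rule name="Allow web" policy="%POLICY%" filterlist="Public web" filteraction="Permit"
netsh ipsec static add rule name="Encrypted RDP" policy="%POLICY%" filterlist="RDP from office" filteraction="Require ESP" psk="REPLACE-WITH-SHARED-SECRET"

rem Review the result before it takes effect.
netsh ipsec static show policy name="%POLICY%" level=verbose

rem Assigning activates the block rule immediately. On a machine you cannot
rem reach physically, keep an out-of-band console available before running this.
netsh ipsec static set policy name="%POLICY%" assign=y
```

The office management machine needs a matching policy (same ESP methods and the same authentication) for the RDP rule to negotiate. The key given to `psk=` is stored in clear text in the policy, so the `rootca=` certificate option of `add rule` is the stronger choice where a CA is available.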