RPC/HTTPs Security Questions

nsantin

IS-IT--Management
Oct 9, 2004
606
CA
I'm trying to tighten up the security of my RPC/HTTPS setup; everything is working fine from an Exchange/Outlook perspective.

Should I disable anonymous access to the RPC Proxy virtual directory in IIS? Currently it is set to anonymous and basic authentication; is this correct?

Also, what about the \System32\RpcProxy folder? Should I limit file permissions on this folder?

What steps have others taken to harden the RPC Proxy? Are there any exploits to be aware of?
 
Are you running with both FE and BE, or on a single server, like an SBS box? And are you really looking at a virtual directory called "RPC Proxy" or is it called "RPC"?

If it's the RPC virtual directory, normally you would only allow Basic Auth and Integrated, not anonymous.

Clarify though, and I can get you better information.

As far as the folder in System32, I believe that Users only have read access to it anyway. I'd be pretty leery of changing the defaults on the file level there. Seems to me that if you are using FBA and SSL, a person would already have to have properly authenticated to touch anything on your server.

My advice is to try each of your security changes over time in a way that is easily reversible and keep careful track.

ShackDaddy
 
Hi ShackDaddy, single W2K3-SP1 server running E2K3-SP2, not SBS. Using FBA and SSL. Port forwarding only port 443 to the server from the firewall for one of my IPs that is used only for remote mail (OWA and RPC/HTTPs).

I see 2 virtual directories, "RPC" and "RPCwithCert". RPCwithCert has no access permissions.

Sounds like 1st thing I need to test is removing anonymous access.
 