transfer data (securely) within a protected network via RPC/SSL/...?


Mario Beutler

Hello,
Our software should transfer data between clients in a LAN.

How to transfer data (securely) within a firewall-protected office
network?
The admin doesn't need to change firewall or any other settings, if
possible.

Which protocol/service is preferred by admins?
- RPC (but W32 Blaster Worm uses a vulnerability in RPC)
- Named Pipe (but not available if file and printer sharing is
disabled)
- TCP/IP (but in general admins have to open ports in the firewall manually)
- SNMP
- SSL
- SSH

Any help is highly appreciated.

Mario
 
You need to explain what you consider "insecure" to be and how you would determine
that it is insecure. Being secure is relative and defined by what you are
trying to be secure "from".

The fact that Blaster used RPC doesn't have any bearing at all as to if traffic
content is "secure" running over RPC. Blaster did not attack the content of the
traffic; it attacked the machine listening on RPC.

If this is nothing but web traffic from a webserver, just run the site on SSL
and forget it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of my
employer or anyone else associated with me.
 
Hello Phillip,

perhaps my question was not exact.
Which protocol/service is preferred by admins for transferring data by my
program between client and server?

Mario

 

A VPN connection established between the two machines should encrypt
data in transit. Maybe using certificates in the VPN with a high
encryption would be what you want.

Even though the VPN connection is contained solely within the LAN, it
can still be done (I've done it). Assigning a unique CIDR to that VPN
connection should help keep it off the unsecured LAN CIDR.

Good Luck.
 