|
Posted by Nick Domukhovsky on April 26, 2007, 11:46 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Appologies for the x-posting but I posted this at
> microsoft.public.win2000.security and got no response so hoping for a better
> response here. :)
>
> --
> A number of our employees access our windows servers using either mapped
> drives or UNC paths with vpn. I am somewhat concerned that accessing our
> servers this way may pose a security risk as a number of viruses
> proliferate
> through network shares.
>
> The shares are password protected so users do have to authenticate to
> access
> them but as far as I know once they have authenticated, their credentials
> are cached for a period of time. Also with mapped drives in particular I
> believe login information is saved permanently.
>
> I'm wondering what others thoughts are on this matter and if anyone can
> point me to any articles that confirm or deny the risk (or lack there of)
> for using mapped drives and/or UNC paths. Finally if there is a risk, are
> there other alternatives?
>
> Thanks
> Brad
>
>
SMB (even without any file share) is dangerous by design. This core
protocol of MS Network and it has a great number of various bugs, which
allow remote code execution (most through buggy RPC interfaces). So,
first, you should implement some quarantine technique for your remote
users (to be sure, that their workstations are secured).
You can read about VPN quarantine here:
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/quarantineservices/vppgch01.mspx
Also you can implement Cisco Secure Desktop on your mobile clients:
http://www.cisco.com/en/US/products/ps6742/prod_release_note09186a00805765e3.html
--
With best regards
Nickolay Domukhovsky, MCSA
| 
XML site map