  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 361

Upgrading Security on Server

One of my machines is causing me to not be PCI compliant, and I am not quite sure how to fix it.
One of my issues is with Remote Desktop. I have a Win 2k3 server and it is failing because "Terminal Services Doesn't Use Network Level Authentication (NLA)".
How do I enable NLA on a 2003 server?
Additionally, the scan flagged FTP on port 21 because "FTP Supports Clear Text Authentication". I know that I had FTP enabled before on another server and it was never flagged, so is there any way to continue to use port 21?
Asked: aclaus225
1 Solution
Tolomir (Administrator) commented:
NLA: see for details: http://blogs.msdn.com/b/rextang/archive/2007/03/28/remote-desktop-6-0-network-level-authentication-not-work-on-os-prior-vista.aspx

... if you only RDP using Vista machines, you can set the third setting to turn on NLA, which should be safer on handling your connections...

---
For FTP you should use FTPS; see for more details:

http://en.wikipedia.org/wiki/FTPS

(client and server software also listed)
Tolomir (Administrator) commented:
For FTP, if you need a free version, use the open-source http://filezilla-project.org/index.php
Client and server are available.

It might be useful to change the service port for RDP to e.g. 19999 and FTPS to 49999 to make port scans take longer. There are many malware scripts on the internet probing the usual ports, like HTTP / HTTPS / FTP / RDP.
ee_reach commented:
As of June 1st 2011, plain old FTP invalidates PCI.

For PCI, I doubt that changing the port number will be sufficient since it would still use plain text.

You can use FTPS or SFTP instead of FTP. On Win2k3 you cannot do this natively in Windows. You will need a third-party app.

To avoid confusion, I mention the difference between SFTP and FTPS, which are two incompatible protocols.

SFTP (Secure File Transfer Protocol) uses SSH to allow you to establish a secure connection before initiating FTP or SCP processes on the server. You can read more about SFTP here: http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol

FTPS is an extension of FTP that allows security via encryption using TLS / SSL. You will also have to choose between implicit and explicit, etc. You can read more about FTPS here: http://en.wikipedia.org/wiki/FTPS

On Win2k3, either protocol will require a third-party product.

For SFTP, we use WinSSHD by Bitvise. We have found it to be an excellent product, reasonably priced, with superb support. You can try it for free for 30 days: http://www.bitvise.com/winsshd.html

For FTPS, you will need an SSL cert along with server software. Commonly used freeware is FileZilla Server, downloadable here: http://filezilla-project.org/download.php?type=server
They mention that they support XP, Vista, and Win7. There is no mention as to whether they still support Win2003, and since I no longer have a Win2k3 server, I cannot validate that for you.

Before you settle on a solution, you may want to check whether either or both third-party products are PCI compliant, etc.

Hope this helps.
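The distinction the answer above draws between plain FTP, explicit FTPS (AUTH TLS on port 21) and implicit FTPS is exactly what a PCI scanner tests for. The script below is an added example, not code from the thread or from any product named in it: it parses an FTP server's FEAT reply (RFC 2389) to classify what the service offers, and a second function performs the same check live and proves the AUTH TLS upgrade (RFC 4217) works before any credential is sent. The FEAT replies embedded in it are constructed samples, and the host in the usage comment is a placeholder.

```python
"""Classify an FTP service from its FEAT reply and optionally verify an explicit-FTPS
upgrade live.  Added example, not from the original thread; assumes RFC 2389 FEAT and
RFC 4217 AUTH TLS / PBSZ / PROT semantics.  Sample replies below are constructed."""
import ssl
from ftplib import FTP_TLS, error_perm

# Constructed FEAT replies, as a scanner would capture them after sending "FEAT".
FEAT_PLAIN_ONLY = "211-Features:\r\n MDTM\r\n REST STREAM\r\n SIZE\r\n211 End\r\n"
FEAT_EXPLICIT_TLS = "211-Features:\r\n AUTH TLS\r\n PBSZ\r\n PROT\r\n MDTM\r\n211 End\r\n"


def parse_feat(reply):
    """Return the advertised feature lines, upper-cased and stripped.
    RFC 2389: every feature line in a FEAT reply starts with a single space."""
    return [line.strip().upper() for line in reply.splitlines() if line.startswith(" ")]


def classify_ftp(reply):
    """Classify a FEAT reply:
      'cleartext-only'             - no AUTH TLS at all (what the PCI scan flags)
      'explicit-ftps-control-only' - AUTH TLS offered but no PROT, so data channels stay clear
      'explicit-ftps'              - AUTH TLS plus PROT: control and data can both be protected
    Implicit FTPS (TLS from the first byte, normally port 990) never exposes FEAT in clear,
    so it is not classified here.  'Offered' is also not 'enforced': a server advertising
    AUTH TLS may still accept a plaintext USER/PASS, which a scanner flags just the same."""
    feats = parse_feat(reply)
    auth_tls = any(f.startswith("AUTH") and "TLS" in f for f in feats)
    prot = any(f.split()[0] == "PROT" for f in feats)
    if auth_tls and prot:
        return "explicit-ftps"
    if auth_tls:
        return "explicit-ftps-control-only"
    return "cleartext-only"


def check_explicit_ftps(host, port=21, timeout=10):
    """Connect in clear, read FEAT, then prove the TLS upgrade succeeds before any
    credential crosses the wire.  Returns (classification, tls_upgraded)."""
    ctx = ssl.create_default_context()  # verifies the server certificate and hostname
    ftps = FTP_TLS(context=ctx)
    ftps.connect(host, port, timeout=timeout)
    try:
        reply = ftps.sendcmd("FEAT")
    except error_perm:  # 5xx: server does not implement FEAT at all
        reply = ""
    kind = classify_ftp(reply)
    if kind == "cleartext-only":
        ftps.quit()
        return kind, False
    ftps.auth()  # sends AUTH TLS and wraps the control channel in TLS
    if kind == "explicit-ftps":
        ftps.prot_p()  # PBSZ 0 / PROT P: data channels encrypted as well
    ftps.quit()
    return kind, True


if __name__ == "__main__":
    for name, reply in (("plain", FEAT_PLAIN_ONLY), ("tls", FEAT_EXPLICIT_TLS)):
        print(name, "->", classify_ftp(reply))
    # Live check against your own server (placeholder host name):
    # print(check_explicit_ftps("ftp.example.invalid"))
```

Run it against your own FTP host to see which bucket the scanner will put it in; a result of `cleartext-only` is the finding from the question, and even `explicit-ftps` only clears the finding once the server is configured to reject logins that have not issued AUTH TLS first.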