Solved

Upgrading Security on Server

Posted on 2013-01-22
Last Modified: 2013-02-06
One of my machines is causing me to not be PCI compliant and I am not quite sure how to fix it.
One of my issues is with Remote Desktop.  I have a Win 2k3 server and it is failing because Terminal Services Doesn't Use Network Level Authentication (NLA).
How do I enable NLA on a 2003 server?
Additionally the scan flagged FTP at port 21 because FTP Supports Clear Text Authentication.  I know that I had FTP enabled before on another server and it was never flagged, so is there any way to continue to use port 21?
Question by:aclaus225

Expert Comment

by:Tolomir
ID: 38807292
NLA see for details: http://blogs.msdn.com/b/rextang/archive/2007/03/28/remote-desktop-6-0-network-level-authentication-not-work-on-os-prior-vista.aspx

... if you only RDP using Vista machines, you can set the third setting to turn on NLA, which should be more safe on handling your connections...

---
For FTP you should use FTPS; see for more details:

http://en.wikipedia.org/wiki/FTPS

(client and server software also listed)

Expert Comment

by:Tolomir
ID: 38807311
For FTP, if you need a free version, use the open-source http://filezilla-project.org/index.php
Client and Server available.

It might be useful to change the service port for RDP to e.g. 19999 and FTPS to 49999 to make the duration of port scans longer. There are many malware scripts on the internet probing the usual ports, like http / https / ftp / rdp.

Accepted Solution

by:
ee_reach earned 500 total points
ID: 38807763
As of June 1st 2011, plain old FTP invalidates PCI.

For PCI, I doubt that changing the port number will be sufficient since it would still use plain text.

You can use ftps or sftp instead of ftp.  On Win2k3 you cannot do this natively in windows.  You will need a third party app.

To avoid confusion, I mention the difference between sftp and ftps, which are two incompatible protocols.

SFTP (Secure File Transfer Protocol) uses SSH to allow you to establish a secure connection before initiating FTP or SCP processes on the server. You can read more about SFTP here: http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol.  

FTPS is an extension of FTP that allows security via encryption using TLS / SSL. You will also have to choose between implicit and explicit, etc.   You can read more about FTPS here: http://en.wikipedia.org/wiki/FTPS

On Win2k3, either protocol will require a third-party product.

For SFTP, we use WinSSHD by bitvise.  We have found it to be an excellent product, reasonably priced, with superb support.  You can try it for free for 30 days: http://www.bitvise.com/winsshd.html

For FTPS, you will need an SSL cert along with server software.  Commonly used freeware is server zilla, downloadable here: http://filezilla-project.org/download.php?type=server  
They mention that they support XP, Vista, and Win7.  No mention as to whether they still support Win2003 and since I no longer have a Win2k3 server, I cannot validate that for you.

Before you settle on a solution, you may want to check whether either or both third-party products are PCI compliant, etc.

Hope this helps.
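
Added example, not part of the thread and not code from any product named in it: a small check that reads a client-side FTP session log and reports the condition the scan flags (login accepted before TLS) and whether the server advertises explicit FTPS via `AUTH TLS`. The function name, the `C: `/`S: ` log prefix format and both sample logs are assumptions constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")  # FTP reply code; '-' marks a multi-line reply

def assess_ftp_session(log_lines):
    """Classify a client-side control-channel log (lines prefixed 'C: ' or 'S: ')."""
    result = {"auth_tls_offered": False, "cleartext_login_accepted": False}
    tls_active, last_cmd = False, ""
    for line in log_lines:
        side, _, text = line.partition(": ")
        if side == "C":
            last_cmd = text.split(" ", 1)[0].upper()
            continue
        # FEAT answers with a multi-line 211 reply; each feature line starts with a space.
        if last_cmd == "FEAT" and re.match(r"^\s+AUTH\s+.*TLS", text, re.I):
            result["auth_tls_offered"] = True
        m = REPLY.match(text)
        if not m or m.group(2) == "-":
            continue  # feature or continuation line, not a final reply
        code = int(m.group(1))
        if last_cmd == "AUTH" and code == 234:
            tls_active = True  # 234: server agreed to start TLS on this connection
        elif last_cmd in ("USER", "PASS") and code in (230, 331) and not tls_active:
            result["cleartext_login_accepted"] = True  # the condition the scan flags
    return result

# Constructed sample logs (not captured from any real server).
PLAIN_FTP_LOG = [
    "C: FEAT",
    "S: 211-Features:",
    "S: 211 End",
    "C: USER scanuser",
    "S: 331 Password required for scanuser",
]
FTPS_REQUIRED_LOG = [
    "C: FEAT",
    "S: 211-Features:",
    "S:  AUTH TLS",
    "S: 211 End",
    "C: USER scanuser",
    "S: 530 TLS required before login",
    "C: AUTH TLS",
    "S: 234 Using authentication type TLS",
    "C: USER scanuser",
    "S: 331 Password required for scanuser",
]

for name, log in (("plain", PLAIN_FTP_LOG), ("ftps-required", FTPS_REQUIRED_LOG)):
    print(name, assess_ftp_session(log))
```

The second log shows why moving FTP to another port does not clear the finding while enforcing TLS does: the result depends only on whether `USER` is answered with 331 or 230 before a 234 reply to `AUTH`.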