aclaus225
asked on
Upgrading Security on Server
One of my machines is causing me to not be PCI compliant and I am not quite sure how to fix it.
One of my issues is with Remote Desktop. I have a Win 2k3 server and it is failing because Terminal Services Doesn't Use Network Level Authentication (NLA).
How do I enable NLA on a 2003 server?
Additionally, the scan flagged FTP at port 21 because FTP Supports Clear Text Authentication. I know that I had FTP enabled before on another server and it was never flagged, so is there any way to continue to use port 21?
For FTP, if you need a free version, use the open-source http://filezilla-project.org/index.php
Client and server available.
It might be useful to change the service port for RDP to e.g. 19999 and FTPS to 49999 to make the duration of port scans longer. There are many malware scripts on the internet probing the usual ports, like HTTP / HTTPS / FTP / RDP.
ASKER CERTIFIED SOLUTION
... if you only RDP using Vista machines, you can set the third setting to turn on NLA, which should be safer for handling your connections...
---
For FTP you should use FTPS; for more details, see:
http://en.wikipedia.org/wiki/FTPS
(client and server software also listed)