Secure traffic between 2 desktops

Hi Experts,
I was hoping for some advice.

This is the setup we have - we have an application running on a Windows 10 machine that sends TCP traffic to another Windows 10 machine. The 2 machines are in the same subnet but are not in a domain. Neither are allowed access to the internet.

We need to encrypt the traffic between the 2 machines to prevent a 'man in the middle attack'. Can you please advise on the best method to achieve this? We can use third party software but cannot change our application. The current method we're exploring is an IPsec tunnel between the machines but have yet to get this to work.

Thanks in advance
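Since the question mentions an IPsec tunnel that had not yet been made to work, here is an added example of the built-in Windows approach (this is not code from any participant in the thread). It defines an IPsec transport-mode policy with the NetSecurity PowerShell cmdlets, authenticating with a pre-shared key because the machines are not domain-joined, and requires ESP encryption for all traffic between the two hosts so that a passive observer on a mirror port sees only ciphertext. The addresses, the listener port and the key are placeholders to replace; the script is run in an elevated PowerShell on both machines with the two address variables swapped.

```powershell
# Added example, not from the thread: require IPsec (ESP, transport mode) between two
# non-domain Windows 10 hosts using a pre-shared key. Run elevated on BOTH hosts,
# swapping $LocalIP/$RemoteIP. All values below are placeholders.

$LocalIP  = '192.0.2.10'   # this machine (placeholder)
$RemoteIP = '192.0.2.20'   # the peer (placeholder)
$AppPort  = 5000           # TCP port the 'listener' application uses (placeholder)
$PSK      = 'REPLACE-WITH-A-LONG-RANDOM-SECRET'   # identical on both hosts

# Phase 1 (IKE main mode) authentication: pre-shared key.
# Caveat: the PSK is stored in the local firewall configuration and is readable by
# any local administrator; certificate-based authentication is the stronger option.
$p1Proposal = New-NetIPsecPhase1AuthProposal -PreSharedKey $PSK
$p1Set      = New-NetIPsecPhase1AuthSet -DisplayName 'App P1 Auth (PSK)' -Proposal $p1Proposal

# Main-mode crypto: AES-256 / SHA-256 / 2048-bit DH (group 14); no DES, 3DES or MD5.
$mmProposal = New-NetIPsecMainModeCryptoProposal -Encryption AES256 -Hash SHA256 -KeyExchange DH14
$mmSet      = New-NetIPsecMainModeCryptoSet -DisplayName 'App MM Crypto' -Proposal $mmProposal

New-NetIPsecMainModeRule -DisplayName 'App MM Rule' `
    -LocalAddress $LocalIP -RemoteAddress $RemoteIP `
    -MainModeCryptoSet $mmSet.Name -Phase1AuthSet $p1Set.Name

# Quick-mode crypto: ESP (encryption + integrity), not AH, which would only sign the packets.
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -Encryption AES256 -ESPHash SHA256
$qmSet      = New-NetIPsecQuickModeCryptoSet -DisplayName 'App QM Crypto' -Proposal $qmProposal

# The connection security rule itself. 'Require' in both directions means cleartext
# between these two addresses is refused. Bring the rule up with -InboundSecurity Request
# -OutboundSecurity Request first; once Get-NetIPsecQuickModeSA shows an SA on both
# sides, switch to Require (Set-NetIPsecRule) so a misconfigured peer fails closed.
New-NetIPsecRule -DisplayName 'App IPsec Transport' -Mode Transport `
    -LocalAddress $LocalIP -RemoteAddress $RemoteIP `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $p1Set.Name -QuickModeCryptoSet $qmSet.Name

# On the listener host only: open the application port, but accept it solely from
# an authenticated and encrypted IPsec peer.
New-NetFirewallRule -DisplayName 'App listener (IPsec only)' -Direction Inbound `
    -Protocol TCP -LocalPort $AppPort -RemoteAddress $RemoteIP `
    -Authentication Required -Encryption Required -Action Allow

# Verification after the application has sent some traffic: a main-mode SA and a
# quick-mode SA to the peer should exist. A packet capture on the wire should then
# show only ESP (IP protocol 50) between the two hosts, not TCP on $AppPort.
Get-NetIPsecMainModeSA  | Format-List LocalEndpoint, RemoteEndpoint, CipherAlgorithm, HashAlgorithm
Get-NetIPsecQuickModeSA | Format-List LocalEndpoint, RemoteEndpoint, EspEncryptionAlgorithm
```

Because the rule is scoped to the address pair rather than to the port, the same script serves both hosts, and any other traffic between them (for example, a future second port) is covered without a policy change. If cleartext keeps flowing, the usual cause is a PSK mismatch or a rule on only one side; the IKE negotiation failures show up in the Windows Firewall with Advanced Security log and in Event Viewer under Security (audit events 4650 to 4655 when IPsec auditing is enabled).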

This depends on the kind of traffic. If you access shares of the other machine, it is SMB traffic and that would be encrypted by default between Win10 machines.
John Tsioumpris, Software & Systems Engineer, commented:
I want to ask: the two machines, are they on your premises?
Supahoop (Author) commented:
Hi both,
Thanks for getting back to me

No, we're not using shares unfortunately.

Yes both machines are on our premises

Many thanks

John Tsioumpris, Software & Systems Engineer, commented:
So how exactly is there a chance for a man in the middle? Are they connected via wireless or cable?
"No, we're not using shares unfortunately." - so what are you using?
Supahoop (Author) commented:
Connected by cables via switch

Pushing the traffic via certain ports to a 'listener' application on the second desktop.
John Tsioumpris, Software & Systems Engineer, commented:
And how is the man-in-the-middle attack supposed to happen? The only viable way is to have a managed switch with port mirroring; if you physically lock the rack, you prevent the attack...

I agree with John. Attacks that can do without the switch's mirroring port are not easy and will definitely be noticed at the client, due to a massive slowdown not only of network traffic but also of working on the machine. The risk is low when there's no accessible mirroring port involved.

Of course you could also go another route: install wifi cards into the machines and use wireless encryption, and give the key to no one else.
John Tsioumpris, Software & Systems Engineer, commented:
If the machines are less than 100 m apart, you can use a crossover cable to connect them and do some kind of enclosing so no one has access (at least without causing severe and noticeable damage).
Natty Greg, In Theory (IT), commented:
If both machines are on the same premises and you are worried about a MIM attack, you must not trust your employees/co-workers. The methods employed above are sufficient.
Supahoop (Author) commented:
Hi all,
We ended up using OpenVPN in bridged mode.

Thanks for all your help
Supahoop, you should close the question and award points according to which comments were helpful.
John Tsioumpris, Software & Systems Engineer, commented:
The question left a lot to speculate about; the comments were correct.