A poster in the newsgroup asked about the comparison of the security of Remote Web Workplace with and without ISA [Standard versus Premium].  But you see, both of them have the HOLE open.  So from a standpoint of looking at it from a ‘which one has a safer hole open’, the answer is neither.


P A S S W O R D S

That right now is probably the biggest weakness in Remote Web Workplace, in my opinion.


Both rely on users AND administrators picking GOOD passwords. 

And furthermore, don’t think ‘passwords’ think passphrases.  Are those passwords using blanks, funky characters and what not?  Remember our lessons from Dr. Jesper Johansson, here and soon to be here.  


1.  Remember that port 4125 ONLY opens up on the SBS 2003 standard and premium versions AFTER the person authenticates on the system.  Thus while you ‘can’ change it from 4125 to something else inside of RRAS interface. the port is not open 24/7 and listening.

2.  Remember too you ‘can’ have a fully functioning Remote Web Workplace with only a port 443 open all the time.  You can close down port 80.

3.  What does ISA give you that RRAS does not?  Monitoring and logging ..a LOT more monitoring and logging.  If the port is open on either the Standard or the Premium the same risk of openings are there.  However, with ISA your ‘who, what, where, when, why’ is dramatically increased.

4.  Right now I have not seen Remote Web Workplace ‘auth’ attacks and instead what we see is SMTP auth attacks.  If you have ports statically open like port 25 for mail, we are indeed seeing ‘attacks’ on these ports, especially on the administrator port.  You “can” if you like for a level of extra paranoia, follow the guidance in the first ‘to do item’ in the SBS 2003 and rename [including the description] of the admin account, setup a ‘new’ admin account and use that instead for admin access.  Personally I’ve not done that, I’ve just ensured that I have nice strong passwords on all accounts.

5.  Last but not least in full disclosure we do have ‘google’ parts but this only occurs if you’ve been stupid and opened up the ENTIRE web site.  ONLY open those pages that you need and close up what you don’t. 

 

2 Responses to So what’s the security of Remote Web Workplace?

  1. Wayne Small says:

    One other factor that most people are not aware of is that after port 4125 opens, it compares the source address for the inbound request to port 4125 with that currently active on port 443(which is the web side of the RWW interface). If they don’t match then the connection is dropped. Therefore RDP via RWW is even more secure than a direct RDP connection.

    For more information on this check out the chapter I wrote on RWW in the SMBNation book called Advanced SBS2003 Best Practices. http://www.smbnation.com will get you there.

    Wayne Small

  2. Brent Sansoucie says:

    Remember too you ‘can’ have a fully functioning Remote Web Workplace with only a port 443 open all the time. You can close down port 80.

    I would like to know how this is possible….I am very new this and have been looking for a way to have a SBS 2003 with the RWW working and a E-Commerce server on same IP…I thought that the SBS needed port 80….

    Please email any advice to bsansoucie@hotmail.com.