Reliability






When you design the communication in your perimeter network solution, take into account the filtering functionality that your router or firewall provides. RPC is one of the biggest considerations when you set firewall rules for domain members, because RPC servers register with the endpoint mapper on TCP port 135 and then listen on dynamically assigned ports. Some firewalls are RPC-aware: they watch the endpoint mapper exchange on TCP 135 and then open the dynamically negotiated port between the server and the client, so that RPC dynamic port use works through the firewall.

This functionality gives you greater flexibility when you configure RPC port rules, although from a security point of view it may open more than you want. An intermediate approach is to have the router allow an RPC bind only to a specific TCP port on which a static RPC server is listening; the client-side RPC ports are then opened dynamically when the server replies. This avoids opening a wide range of ports in the router for RPC use. For more information, see Active Directory in Networks Segmented by Firewalls (https://go.microsoft.com/fwlink/?LinkID=45087).

The RPC interfaces that AD DS requires have been enabled for static port assignment. As a result, you can include design scenarios in which the RPC interfaces are statically defined; with this configuration, the routers in your environment open the RPC client ports on an RPC bind.
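The static-assignment approach described above, as an added example that is not part of the original article: it pins the AD DS replication and Netlogon RPC endpoints to fixed ports through the registry values Microsoft documents for that purpose, and then scopes the inbound firewall rules to TCP 135 plus those two ports instead of the whole dynamic range. The port numbers 50000/50001 and the perimeter subnet 192.0.2.0/24 are assumptions; substitute your own.

```powershell
# Added example (not the article's own code). Run elevated on the domain controller.
# Assumptions: TCP 50000 and 50001 are unused, and 192.0.2.0/24 is the perimeter
# subnet (documentation range, substitute your own).

$adPort       = 50000           # chosen static port for AD DS (NTDS) replication RPC
$netlogonPort = 50001           # chosen static port for Netlogon RPC
$perimeterNet = '192.0.2.0/24'  # only this subnet may reach the RPC endpoints

# Registry values Microsoft documents for static RPC port assignment of AD DS
# replication (NTDS "TCP/IP Port") and Netlogon ("DCTcpipPort"). -Force overwrites
# an existing value, so the script can be re-run.
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
    -Name 'TCP/IP Port' -PropertyType DWord -Value $adPort -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
    -Name 'DCTcpipPort' -PropertyType DWord -Value $netlogonPort -Force | Out-Null

# Inbound rules scoped to the perimeter subnet: the endpoint mapper (TCP 135) and the
# two static ports. Nothing else from the dynamic RPC range is opened.
# netsh is used so the script also works on Windows Server 2008, which lacks the
# NetSecurity cmdlets.
$rules = @(
    @{ Name = 'Perimeter RPC Endpoint Mapper'; Port = 135 },
    @{ Name = 'Perimeter AD DS static RPC';    Port = $adPort },
    @{ Name = 'Perimeter Netlogon static RPC'; Port = $netlogonPort }
)
foreach ($r in $rules) {
    netsh advfirewall firewall add rule "name=$($r.Name)" dir=in action=allow `
        protocol=TCP "localport=$($r.Port)" "remoteip=$perimeterNet" | Out-Null
}

# Read the values back so the change can be confirmed before restarting.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -Name 'TCP/IP Port'
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name 'DCTcpipPort'
Write-Host 'Restart the domain controller for the static RPC ports to take effect.'
```

After the restart, a connection to TCP 135 from the perimeter still reaches the endpoint mapper, but the mapper now hands out the fixed ports, which is what allows the router rule set to stay small.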

Approaches

Enable traffic flow between the perimeter network and the corporate network by establishing filtering rules on the router firewall, in the client firewall (Windows Firewall), and in the client IPsec policy. You may also have to add integrity protection or encryption to the network traffic to raise the level of security; you can do this with IPsec AH and IPsec ESP.

You can manage both the client's local firewall and its IPsec policy centrally from the Group Policy objects (GPOs) for the domain.

Technology options

The two native Windows Server 2008 technologies that you can use for this communication are IPsec and the local firewall.

IPsec

IPsec is a powerful filtering and tunneling tool that you can use to control the communication between pairs of computers or groups of computers. It offers integrity and encryption options that can help reduce the number of "real" ports that must be opened, which makes the router firewall rules simpler. For more information about IPsec, see IPsec (https://go.microsoft.com/fwlink/?LinkID=136017).
