I am trying to set up an SSTP VPN service in Windows 2016. I don't want to advertise to the world that my network exists, let alone that I have a running webserver, but because the SSTP service runs over HTTPS in IIS, it does exactly this. Any casual hacker scanning my IP address will find a running webserver on port 443 that they can connect to and download resources from.

Is there a way to hide this from prying eyes?

userSteve

1 Answer

You can't completely hide the fact that you're running IIS, but you can make life harder for hackers. Here are some suggestions:

  • Run a firewall before the SSTP server for obvious reasons.
  • Change the port of SSTP from 443 to something else. This will make end client configuration a bit messy though, and won't hide the fact that you're running IIS, but could fool scanning tools looking for holes in your network.
  • Make the SSTP server run only SSTP, don't host other sites on that server. (could be a VM with low resources).
  • Configure SSTP to use strong authentication with Active Directory, so only authorized users are allowed in.
Noor Khaldi