I have a Windows 2008 R2 server which is to contain sensitive documents on a small LAN. The two users who use the server do so via RDP so no documents are transferred to client workstations. During a due diligence operation, I determined that numerous services and scheduled tasks built into Windows can phone home and potentially leak data.
I would like to prevent any of these built-in services from doing so if possible, at a server level.
I do not have control of the firewall on the LAN unfortunately as it's a canned remotely maintained one with a lengthy contract. Control of this would be no use either as outbound HTTP is required for two RDP users on the machine.
Patches are pushed to the machine via PowerShell from a workstation. Windows update is turned off already.
I have considered Windows Firewall but I do not 100% trust its configuration tooling and I know that some services can add exceptions to the rules at runtime.
What solutions are available to resolve this problem, and is there any documentation on what potentially goes over the wire, or is this a reverse-engineering job?
Any help appreciated!
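One server-level option for the question above, as an added example that is not part of the original post: use the built-in Windows Firewall, but make it fail closed (outbound default block, per-program allow rules for the programs the RDP users need) and make the concern about runtime-added exceptions observable, by snapshotting the rule set, diffing it later, and turning on the firewall rule-change audit events. The script targets Windows Server 2008 R2 with PowerShell 2.0, so it shells out to `netsh advfirewall` and `auditpol` rather than the NetSecurity cmdlets, which only exist on Server 2012 and later. The browser path and the baseline file path are placeholders.

```powershell
# Added example, not code from the original post. Locks outbound traffic on a
# Windows Server 2008 R2 host with the built-in firewall and makes runtime changes
# to the rule set visible. Uses netsh because the NetSecurity cmdlets
# (New-NetFirewallRule etc.) only exist on Windows 8 / Server 2012 and later.
# Run from an elevated PowerShell prompt. Paths below are hypothetical placeholders.

$AllowedOutboundPrograms = @(
    'C:\Program Files\Internet Explorer\iexplore.exe'   # the browser the RDP users need (placeholder)
)
$BaselinePath = 'C:\Admin\firewall-baseline.txt'         # where the rule snapshot is kept (placeholder)

function Set-OutboundLockdown {
    # Default policy for all three profiles: drop everything in both directions
    # unless a rule explicitly allows it.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound | Out-Null
    # RDP from the local subnet only, so the two users keep their sessions.
    netsh advfirewall firewall add rule name="RDP from LAN" dir=in action=allow `
        protocol=TCP localport=3389 remoteip=localsubnet | Out-Null
    # Per-program outbound HTTP/HTTPS for the listed executables; nothing else gets out.
    foreach ($exe in $AllowedOutboundPrograms) {
        netsh advfirewall firewall add rule name="HTTP out: $exe" dir=out action=allow `
            program="$exe" protocol=TCP remoteport=80,443 | Out-Null
    }
}

function Get-FirewallRuleDump {
    # Verbose text dump of every rule, including ones added by services or installers.
    netsh advfirewall firewall show rule name=all verbose
}

function Save-FirewallBaseline {
    Get-FirewallRuleDump | Out-File -FilePath $BaselinePath -Encoding ASCII
}

function Test-FirewallDrift {
    # Returns $true when the live rule set still matches the saved baseline.
    # Every line that appeared or disappeared is written as a warning, which is
    # how an exception added at runtime shows up.
    $current  = @(Get-FirewallRuleDump)
    $baseline = @(Get-Content -Path $BaselinePath)
    $diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current
    if (-not $diff) { return $true }
    foreach ($d in $diff) {
        $tag = if ($d.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' }
        Write-Warning ("{0}: {1}" -f $tag, $d.InputObject)
    }
    return $false
}

function Enable-FirewallRuleAudit {
    # Security-log events 4946 (rule added), 4947 (rule modified) and 4948 (rule
    # deleted) come from this audit subcategory and name the rule that changed.
    auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable /failure:enable | Out-Null
}

function Get-RecentFirewallRuleChanges {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4946, 4947, 4948 } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Typical sequence: lock down, switch on auditing, then snapshot the known-good rule set.
Set-OutboundLockdown
Enable-FirewallRuleAudit
Save-FirewallBaseline
```

Afterwards, run `Test-FirewallDrift` and `Get-RecentFirewallRuleChanges` from the same workstation that pushes patches (or from a scheduled task on the server). A diff against the baseline tells you that a rule changed; the 4946/4947/4948 events tell you when and which rule, so a service that adds its own exception is caught rather than silently allowed. A process running as SYSTEM can still change the rules, so this is detection and containment, not a guarantee.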
If you don't trust Microsoft and/or their operating system, you shouldn't use it. That being said, if you don't have any control over the network the machine is connected to, your best bet might be something like NetLimiter which enables fine-grained control over which processes can connect to the internet. – Der Hochstapler – 2013-06-07T19:27:01.667
Thanks for your reply. I'm a Linux guy who has unfortunately inherited this. I'd switch it over in a heartbeat, but there are two specialist applications that run only on IIS + SQL Server. Will take a look at NetLimiter. – Chris Smith – 2013-06-07T19:30:51.297
There might be more "professional" solutions to a problem like this, but I really only have experience with NL. I would have suggested the Windows firewall otherwise, but your concerns regarding services adding exceptions are founded. If something like this is actually happening, I can't say. The only "phoning home" I'm aware of is Windows Error Reporting and the Windows Customer Experience Improvement Program (both of which can be disabled easily). If anything else is happening beyond that, I don't know. – Der Hochstapler – 2013-06-07T19:35:40.697
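The two components named in the last comment, Windows Error Reporting and the Customer Experience Improvement Program, can be switched off with the registry values, service and scheduled tasks below. This is an added example, not code from the thread; the registry paths, the `WerSvc` service and the three CEIP task names are the ones present on Windows 7 / Server 2008 R2, and the script ends with a check that reports whether all of them are actually in the disabled state.

```powershell
# Added example, not code from the original thread. Disables Windows Error Reporting
# (WER) and the Customer Experience Improvement Program (CEIP) on Windows Server
# 2008 R2 and verifies the result. Run from an elevated PowerShell prompt.

$WerKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting'
$CeipKey   = 'HKLM:\SOFTWARE\Microsoft\SQMClient\Windows'
$CeipTasks = @('Consolidator', 'KernelCeipTask', 'UsbCeip')   # CEIP upload tasks on Win7 / 2008 R2

function Set-RegistryDword {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

function Disable-WindowsErrorReporting {
    # Disabled = 1 turns off report generation and upload.
    Set-RegistryDword -Path $WerKey -Name 'Disabled' -Value 1
    # Stop and disable the service that would perform the uploads.
    Stop-Service -Name WerSvc -ErrorAction SilentlyContinue
    Set-Service  -Name WerSvc -StartupType Disabled
}

function Disable-CEIP {
    # CEIPEnable = 0 opts the machine out of CEIP data collection.
    Set-RegistryDword -Path $CeipKey -Name 'CEIPEnable' -Value 0
    # The CEIP scheduled tasks do the periodic upload; disable each of them too.
    foreach ($t in $CeipTasks) {
        schtasks /Change /TN "\Microsoft\Windows\Customer Experience Improvement Program\$t" /Disable | Out-Null
    }
}

function Test-PhoneHomeDisabled {
    # Returns $true only when the registry values, the WER service start mode
    # and every CEIP task are all in the disabled state.
    $wer  = Get-ItemProperty -Path $WerKey  -Name 'Disabled'   -ErrorAction SilentlyContinue
    $ceip = Get-ItemProperty -Path $CeipKey -Name 'CEIPEnable' -ErrorAction SilentlyContinue
    # PowerShell 2.0's Get-Service has no StartType property, so read it via WMI.
    $svc  = Get-WmiObject -Class Win32_Service -Filter "Name='WerSvc'"
    $tasksDisabled = $true
    foreach ($t in $CeipTasks) {
        $line = schtasks /Query /TN "\Microsoft\Windows\Customer Experience Improvement Program\$t" /FO CSV /NH 2>$null
        if ($line -notmatch 'Disabled') { $tasksDisabled = $false }
    }
    return (($wer.Disabled -eq 1) -and ($ceip.CEIPEnable -eq 0) -and
            ($svc.StartMode -eq 'Disabled') -and $tasksDisabled)
}

Disable-WindowsErrorReporting
Disable-CEIP
if (Test-PhoneHomeDisabled) { 'WER and CEIP are disabled.' } else { Write-Warning 'Some WER/CEIP setting is still enabled; review the output above.' }
```

`Test-PhoneHomeDisabled` is the part worth keeping around: re-run it after each patch push, since an update can re-enable a task or service, and treat a `$false` result the same way as a firewall rule change.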