Client and Server program running onto the same Windows 7 computer. Can I restrict access to the Server one via port management?


I am running Windows 7 - 64 bits.
I have a program that works in client-server mode, that is: there are, in fact, two programs (a client and a server) that run on the same Windows computer.
The client establishes communication with the server via TCP port 7070.

But there is one problem: the server program runs in elevated mode, and the client program sends commands to it to be executed. So, anyone capable of executing the client program could execute admin programs (a big security flaw for some cases) by sending them to the server.

The server program listens, as said, on port 7070 TCP:

    C:\>netstat -ano | find "7070" /i
      TCP    127.0.0.1:7070         0.0.0.0:0              LISTENING       9804

It only listens to connections from the local machine, so the above line reads 127.0.0.1:7070 instead of 0.0.0.0:7070.

Is there any way to only allow certain users or groups to connect to it? I don't know if this is a firewall matter, because there is not, strictly, network traffic throughout my LAN.

NOTE: For someone interested, this is the exact program. I am developing several workarounds for this security flaw (that I will possibly post at StackOverFlow forum when done), but none of them works with the network port matter.

Sopalajo de Arrierez

Posted 2014-04-01T21:34:31.737

Reputation: 5 328

Answers


Short answer: No.

Longer answer: It seems you're asking about restricting who can connect to the TCP port itself, and that's well below the level where you even have concepts like "users", "authentication", and "authorization" -- all the things you'll need to get what you're asking for. At this level you have only computers and networks.

If your application has any sort of authentication mechanism, that's the place for this kind of thing.

What you can do at this level is limit the IP addresses or IP ranges that can connect to that port via your firewall. That may accomplish the same end goal, but it's not based on "users" or "groups", but rather on "where" they're connecting from.

Alternatively, you could configure a VPN that allows only authorized users to connect to it, and then allow only users on said VPN to connect to your program. If that's the route you want to take, you'll need to Google up some setup guides, because "How do I configure a VPN" is beyond the scope of a simple Q&A site like this one.

Kromey

Posted 2014-04-01T21:34:31.737

Reputation: 4 377

You are right, @Kromey, this is just a matter of restricting who can connect to the TCP port itself. I have changed the description of the problem (and even the title) to help understand the problem. Thanks. I was thinking that, as long as there are programs that report what user and what program is using what port, and programs to kill other processes, there would be a mixture of this. I think I will ask at SoftwareRecs better. – Sopalajo de Arrierez – 2014-04-01T23:31:16.883
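One concrete way to put the authorization check inside the server itself, as the answer recommends, using the same netstat -ano data the question shows to find out which process (and so which user account) is on the other end of a loopback connection. This is an added example, not code from the questioner's program or from the answer; SAMPLE_NETSTAT, SAMPLE_TASKLIST, ALLOWED_USERS and the function names are constructed assumptions, and the live lookups only work on Windows.

```python
import csv
import subprocess
from typing import Optional

# Constructed "netstat -ano" output in the layout the question shows: the 7070 listener
# (PID 9804 as on the page) plus a hypothetical client connection from an ephemeral port.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:7070         0.0.0.0:0              LISTENING       9804
  TCP    127.0.0.1:49321        127.0.0.1:7070         ESTABLISHED     4120
  TCP    127.0.0.1:7070         127.0.0.1:49321        ESTABLISHED     9804
"""
# Constructed 'tasklist /V /FO CSV /NH' row for that hypothetical client PID.
SAMPLE_TASKLIST = '"client.exe","4120","Console","1","5,120 K","Running","MYPC\\alice","0:00:01","N/A"\n'
ALLOWED_USERS = {"MYPC\\alice"}  # assumption: accounts allowed to send commands to the server

def pid_for_local_endpoint(netstat_output: str, ip: str, port: int) -> Optional[int]:
    """PID owning the TCP socket bound locally to ip:port, parsed from netstat -ano text."""
    wanted = f"{ip}:{port}"
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[1] == wanted:
            return int(fields[4])
    return None

def owner_from_tasklist(csv_output: str, pid: int) -> Optional[str]:
    """domain\\user that owns pid, from tasklist /V CSV rows (7th column is 'User Name')."""
    for row in csv.reader(csv_output.splitlines()):
        if len(row) >= 7 and row[1] == str(pid):
            return row[6]
    return None

def peer_owner(peer_ip: str, peer_port: int) -> Optional[str]:
    """Windows only: ask the live system who owns the client end of a loopback connection."""
    netstat = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    pid = pid_for_local_endpoint(netstat, peer_ip, peer_port)
    if pid is None:
        return None
    tasklist = subprocess.run(["tasklist", "/FI", f"PID eq {pid}", "/V", "/FO", "CSV", "/NH"],
                              capture_output=True, text=True, check=True).stdout
    return owner_from_tasklist(tasklist, pid)

def is_authorized(owner: Optional[str], allowed=ALLOWED_USERS) -> bool:
    """Allow-list decision; an unknown owner is denied (fail closed)."""
    return owner is not None and owner.lower() in {a.lower() for a in allowed}
```

In the server, pass the address returned by accept() to peer_owner() before reading any command and drop the connection unless is_authorized() returns True. This is a heuristic rather than real authentication, since PIDs are reused and the port-to-process mapping is not cryptographically bound to the socket, so run the check immediately after accept() and before acting on anything.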