It doesn??™t
take too much probing of the default RPC endpoint mapping port to retrieve sensitive
information about which RPC interfaces are available.
The fact that RPC was so powerful, yet so insecure, brought many organizations face to
face with a dilemma: They could allow the RPC access and expose themselves to threats
and exploits, or they could block access to it, and limit the productivity advances that IT
technologies could provide them. A solution that provided for secure RPC access became
necessary, which gave rise to the RPC filtering capabilities of ISA Server.
Outlining RPC Exploits
The world became uniquely acquainted with the power and destructive capabilities of RPC
with the release of the Blaster worm a few years back. Blaster took advantage of a
Microsoft security hole in the Windows Distributed Component Object Model (DCOM)
Remote Procedure Call (RPC) interface, which effectively allowed a remote hacker to use
415 Securing RPC Traffic Between Network Segments
15
an exposed RPC port to take over a server remotely. These types of exploits take advantage
of the fact that a ???bare??? RPC interface that is opened on a server effectively has all ports
from 1024 to 65536 open, leaving a much larger surface area exposed.
Pages:
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664