Intelligent application-layer filtering of the traffic using ISA Server 2006 is one excellent approach to solving this problem.
Securing RPC Traffic Between Network Segments
As outlined, the problem of RPC traffic is most evident between internal network
segments. An infected or compromised client in an environment can destroy critical infrastructure
through the use of RPC exploits. On the other hand, locking down all RPC port
access between network segments severely cripples needed network functionality and
makes troubleshooting extremely difficult. Scanning RPC traffic and allowing only acceptable
RPC queries is therefore necessary.
Outlining How ISA RPC Filtering Works
ISA Server 2006 secures RPC access through the use of RPC server publishing rules, which
scan the RPC traffic for specific universally unique identifiers (UUIDs) and allow only
those UUIDs that are associated with that particular service. For example, Figure 15.1
shows some of the UUIDs (referred to as interfaces) that are used to allow Exchange
MAPI traffic, which runs over RPC.
416 CHAPTER 15 Securing RPC Traffic
When the client is restricted to requests made to particular services, it is no longer
necessary to allow promiscuous queries to be made to the RPC endpoint mapper service
on port 135.
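As an added illustration of the UUID-based filtering described above (example code written for this page, not ISA Server's own implementation), the following Python parses the presentation contexts of a DCE/RPC BIND PDU and allows the request only when every requested interface UUID is on the published service's allow list. The allow list and the sample PDUs are constructed here; the UUIDs are public, well-known interface identifiers and are not taken from Figure 15.1.

```python
import struct
import uuid

# Assumed allow list for one published RPC service (a real ISA publishing rule
# carries the UUIDs shown in its interface list). These are public, well-known
# interface identifiers used only as illustration.
ALLOWED_INTERFACES = {
    uuid.UUID("a4f1db00-ca47-1067-b31f-00dd010662da"),  # Exchange EMSMDB (MAPI store)
}
EPMAPPER = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")  # RPC endpoint mapper
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax v2

def build_bind(iface, call_id=1):
    """Construct a minimal connection-oriented DCE/RPC BIND PDU (ptype 11) with
    one presentation context. Used only to create sample input inline."""
    ctx = struct.pack("<HBB", 0, 1, 0) + iface.bytes_le + struct.pack("<HH", 0, 0)
    ctx += NDR_SYNTAX.bytes_le + struct.pack("<I", 2)
    body = struct.pack("<HHI", 4280, 4280, 0) + struct.pack("<BBH", 1, 0, 0) + ctx
    # rpc_vers=5, minor=0, ptype=11 (BIND), pfc_flags=first|last, drep=little-endian
    hdr = struct.pack("<BBBBBBBBHHI", 5, 0, 11, 0x03, 0x10, 0, 0, 0, 16 + len(body), 0, call_id)
    return hdr + body

def bind_interfaces(pdu):
    """Return the abstract-syntax (interface) UUIDs requested by a BIND PDU,
    or [] if the bytes are not a well-formed little-endian BIND."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != 11 or (pdu[4] & 0xF0) != 0x10:
        return []
    frag_len = struct.unpack_from("<H", pdu, 8)[0]
    if frag_len > len(pdu):
        return []
    n_ctx, off, found = pdu[24], 28, []
    for _ in range(n_ctx):
        if off + 24 > frag_len:
            break                       # truncated context list: stop, do not guess
        n_xfer = pdu[off + 2]
        found.append(uuid.UUID(bytes_le=pdu[off + 4:off + 20]))
        off += 24 + 20 * n_xfer         # skip this context and its transfer syntaxes
    return found

def filter_bind(pdu, allowed):
    """Application-layer decision for the first PDU on a new connection:
    allow the BIND only if every requested interface is on the allow list."""
    ifaces = bind_interfaces(pdu)
    if not ifaces:
        return ("drop", [])             # not a BIND, malformed, or no contexts
    denied = [str(i) for i in ifaces if i not in allowed]
    return ("drop", denied) if denied else ("allow", [])
```

A BIND to the endpoint mapper interface is dropped because it is not on the service's list, which is the behaviour the text describes: clients bound to a published service no longer need open access to the mapper on port 135.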