Friday, 7 June 2013

How can I prevent Windows Server 2008 R2 from phoning home?

I have a Windows 2008 R2 server which is to contain sensitive documents on a small LAN. The two users who use the server do so via RDP, so no documents are transferred to client workstations. During a due diligence operation, I determined that numerous services and scheduled tasks built into Windows can phone home and potentially leak data.
I would like to prevent any of these built-in services from doing so, if possible at a server level.
I do not have control of the firewall on the LAN, unfortunately, as it's a canned, remotely maintained one with a lengthy contract. Control of this would be no use either, as outbound HTTP is required for two RDP users on the machine.
Patches are pushed to the machine via PowerShell from a workstation. Windows Update is turned off already.
I have considered Windows Firewall, but I do not 100% trust its configuration tooling and I know that some services can add exceptions to the rules at runtime.
What solutions are available to resolve this problem, and is there any documentation on what potentially goes over the wire, or is this a reverse-engineering job?
Any help appreciated!
