Securing Your WHS & Network - Part 10


HTTPS and Secure Web Hosting Threats

Welcome to Part 10 of Securing Your WHS & Network, which identifies the risks and benefits of using the Internet to share private and personal information.  It is extremely important to protect your privacy by securing this information as a safeguard against identity theft.  At the same time, the Internet is also used for social networking.  As a result, a delicate balance of restrictions and permissions must be maintained.

Methods of protecting your personal information as it travels across the Internet are explained.  Also, an explanation of how to protect your information if you are using a public computer is provided.

An important feature of the Windows Home Server network is that it can be configured to increase the security of your files.  We include an explanation of how to configure the router's HTTPS rule, how to configure the user's remote access and the home server's secured domain, as well as the configuration to address threats and attacks from the Internet.

Understanding the HTTPS Protocol and Certificates

There are situations when a normal HTTP Internet session cannot provide an adequate level of security because sensitive, non-public information needs to be transmitted.  In this case HTTPS, or Hypertext Transfer Protocol over Secure Sockets Layer, is available.  This protocol provides more protection of the data because all sensitive data is first encrypted at one end of the connection and decrypted at the other end.

An example is accessing bank account information: the bank's server encrypts the sensitive data and the browser decrypts it.  The same applies to on-line shopping transactions, when credit card and other personal information are sent by the user's browser.  The browser encrypts the data before it is sent to the merchant's server.

We discussed in Part 7 how email is used to lure the recipient to a website that is masquerading as a legitimate website.  This type of website can be made to look very similar to the legitimate site.  So, how can a person distinguish a legitimate website from one that is a forgery?

HTTPS uses a system that is based on trust relationships.  Because the interaction with a website is electronic, traditional methods such as physical verification cannot be done.  The trust relationship used by HTTPS starts with obtaining a certificate that electronically verifies that the website is legitimate.

This certificate is signed by an independent party who verifies that the holder of the certificate is who they claim to be.  This is similar to having a legal document notarized.  The notary witnesses the signing and verifies, by comparing with other forms of identification, that the signatures match.  The information contained within the certificate is used as the basis for encrypting and decrypting data sent through the Internet.

There are three classes of certificates.  All three provide for encryption but the level of trust varies significantly.

  • Class 1 certificates offer the lowest level of trust and do not verify the identity of the holder.  Appropriate uses include digital signatures, encryption, and non-commercial low-value transactions.  Do not enter sensitive, personal, or log on information for holders of this class;
  • Class 2 certificates offer a medium level of trust and the identity of the holder is verified against identity proofing sources.  Appropriate uses include digital signatures, encryption, medium value transactions, and access control;
  • Class 3 certificates offer the highest level of trust and the identity of the holder is confirmed to be legitimate.

While the HTTPS protocol is more secure than HTTP, the actual level of protection depends on how the writers of the browser and server software implement the encryption algorithm.  This implies that slight differences between browser and server software can expose vulnerabilities with the way the data is encrypted.

It is common to enter a website using the HTTP protocol.  When viewing products at an on-line retailer or general services offered by banks, credit card companies, and investment companies there is no need to secure the information.  This type of information is generic information that is available to the public, so HTTP is the appropriate protocol to use.

It is important that once you enter the area of the website that contains log on, sensitive, financial, and personal information, the connection changes from HTTP to HTTPS.  Internet Explorer identifies HTTPS connections by displaying a lock icon in the address bar.  Depending on the validity of the certificate, the background color of the address bar changes.

  • Red means the certificate has expired, is invalid, or has an error.  Do not enter sensitive, personal, or log on information;
  • Yellow means that the authenticity of the certificate cannot be verified.  Do not enter sensitive, personal, or log on information;
  • White means that the certificate of the website is valid; and
  • Green means that the certificate of the website uses extended validation and that the business is legitimate.
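The checks behind those four colors, as an added example that is not part of the original post: it takes a certificate in the layout Python's `ssl` module returns from `getpeercert()`, checks the validity period and whether the certificate actually names the site being visited, then maps the result to the red/yellow/white/green scheme above.  The sample certificate and the fixed "now" timestamps are constructed; `chain_trusted` and `extended_validation` are passed in because the trust decision itself is made by the browser's certificate store.

```python
import socket
import ssl
import time
from typing import Any, Dict, Optional


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or a single-label wildcard in the leftmost position only."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        # "*.login.example.com" covers sso.login.example.com but not a.b.login.example.com
        return (hostname.endswith(pattern[1:])
                and hostname.count(".") == pattern.count("."))
    return False


def address_bar_color(cert: Dict[str, Any], hostname: str, chain_trusted: bool,
                      extended_validation: bool = False,
                      now: Optional[float] = None) -> str:
    """Map the checks a browser performs to the four address bar colors."""
    now = time.time() if now is None else now
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, ValueError):
        return "red"                      # malformed certificate: an error
    if not not_before <= now <= not_after:
        return "red"                      # expired or not yet valid
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(n, hostname) for n in dns_names):
        return "red"                      # the certificate is not for this site
    if not chain_trusted:
        return "yellow"                   # authenticity cannot be verified
    return "green" if extended_validation else "white"


# Constructed sample certificate in the layout of ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Example CA"),),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.login.example.com")),
}
# Fixed "now" values so the example is reproducible
DURING_VALIDITY = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")
AFTER_EXPIRY = ssl.cert_time_to_seconds("Feb 01 00:00:00 2025 GMT")


def check_live_site(hostname: str, port: int = 443) -> str:
    """Classify a real site; chain trust comes from the operating system's store.

    getpeercert() does not expose the EV policy, so this never returns green.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError:
        return "yellow"                   # chain could not be verified
    return address_bar_color(cert, hostname, chain_trusted=True)
```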

The following is an example of a website with a Class 3 certificate and uses extended validation.  To view the website information, click on the lock icon.  Click the View certificates hotspot to see full details of the certificate.


When conducting personal, financial, or business transactions, make sure that the browser identifies that the website is secure.  If the address bar background is red or yellow, or if the lock icon does not display, stop and do not enter any personal information.  It is possible that a forgery of the legitimate website has been accidentally entered.  Or the website is legitimate and the host site is not making an effort to maintain the privacy of your personal information.  Either way, you should not continue to access the website.

Make sure you are using an HTTPS connection before entering log on and password information.  Many sites, including credit card companies, offer a log on area on their public website.  If the web page for http://www.creditcard.com has a log on area, do not enter your user name and password there.  Instead, click the Log In button so that a log on page that uses HTTPS displays and your user name and password are encrypted.


Even though transactions at a secure website are encrypted, it is possible to disclose the address of the website visited.  A hacker determined to access your information can gather these addresses.  Also, a history of websites visited is retained on the computer.

Using Publicly Available Computers

Part 9 identified the risks and vulnerabilities associated with using computers that are available to the public for browsing non-sensitive information.  We do not recommend that public computers be used for transactions that require a secure connection.

If you find it absolutely necessary to use a public computer, we highly recommend performing all the personal security methods we identified in Part 9.  Make sure that options such as "Remember User ID" or "Keep me signed in" are avoided.  Finally, when finished using the computer, delete the browsing history.

Secure Web Hosting

As explained in Part 9, when hosting a website there must be a boundary between the general non-sensitive and sensitive, personal, or proprietary information.  There are ways that a website can be secured.  In this blog we have been focusing on using the HTTPS protocol to encrypt data and validate the legitimacy of the website.

Acquiring security certificates can be expensive and beyond the budget of home and small businesses.  For example, the cost ranges from $20 to $1,500 per year per certificate in the US.  Pricing depends on the certifier, country, type of certificate, and cipher strength.

Another security method is access control.  This is based on a user account name and password to enter a restricted area of the website.  With this method the HTTP protocol is used; therefore, none of the traffic is encrypted.  The strength of access control is only as strong as the password.  Part 4 identified the concept of strong password security.  The password should include numbers and randomly capitalized letters.  Avoid using passwords that can be easily guessed, such as names, addresses, hobbies, license plates, etc.  The password should be used only by the person associated with the user account.

Configuring the Windows Home Server - User Remote Access

The Windows Home Server can provide secured access to your data via a secured website by using both encryption and access control.  There are several prerequisites to enable this service.  The following are performed in the WHS Console.

Enable Remote Access for each user that is authorized to remotely access the WHS.  We recommend that the user's remote access be limited to the shared folders on the WHS.  Click the Enable remote access for this user option and select the Allow access to shared folders only option.  The user should use a strong password as described in Part 4.  Make sure the Guest account is Disabled.  The following is an example of configuring a user account for remote access.

Configuring the Windows Home Server - Secure Web Hosting

Open the WHS Settings and click the Remote Access option.  Make sure the IP addresses displayed in the Router section for the router and home server are correct.  If there is a problem, click the Repair... button.  The button is designed to automatically configure a router that supports UPnP.  If the router does not support UPnP or the Repair button does not correct the problem, refer to Part 5 for how to configure the router.  In Part 5 we recommended that the WHS be assigned a static private IP address.  In our example the server's local IP address is 192.168.145.30.


The Configure... button runs a wizard to configure your Windows Home Server domain.  The domain name will be used by Internet users to access your server.  It is necessary that you have an account with Microsoft.  The account can be Hotmail, MSN, or Live.  If you do not have an account, create one before configuring the home server domain.

Prior to running the wizard, decide on what name you want to use to identify your WHS.  Some family members may live in different states, countries, or cities and have their own home server.  Developing a naming standard can help identify each server.  A standard can be based on <familyname>, a dash "-", and an abbreviation of where they live.  So let's say the Smith family has home servers in New Jersey, Florida, Frankfurt, and London.  In this case, the servers can be named Smith-NJ, Smith-FL, Smith-DE, and Smith-UK.  Once you have developed a naming standard and are ready, click the Configure... button and follow the wizard.

Enter a name for your website.  In the example below we used Our Family Web Site.  The Domain name not configured message, and the absence of a link for the domain name, show that remote access is not yet functional.

The wizard configures the WHS Remote Access domain name.  A certificate for your domain is created and your domain is registered as a sub-domain of homeserver.com.  In our example, the URL for your WHS is https://myserver.homeserver.com


When an authorized user successfully logs on to the website, the connection is secured by the HTTPS protocol and all data sent from the WHS is encrypted.  If you are using Internet Explorer, the background color of the address bar turns green.  This indicates that a Class 3 certificate with extended validation, the $1,500 per year option, is in use, and that encryption based on 128 bits is used.

Programming the Router - Network Address Objects

Routers that provide a higher degree of security require certain network devices to be defined.  Using the SonicWALL TZ-180 router as an example, an address object must be defined for the Windows Home Server.  Part 9 explains in detail how to program the router to define the WHS as a network address object.  If the address object has not been defined, refer to Part 9 to configure the router.  The following displays the address object entry for the WHS.

Part 2 introduced the network router and explained its general functionality.  Part 3 identified the different types of ISPs and the services they provide.  Part 5 explained how ISPs use DHCP, or Dynamic Host Configuration Protocol, to assign public IP addresses to their subscribers and described the router and its role as an interface with the cable/DSL modem.  We discussed in detail how to configure the WAN, LAN and DHCP settings of the router.  Part 9 explained how to create a rule for the HTTP service.  If the router's WAN, LAN and DHCP settings are not configured, refer to Part 9 for detailed instructions.

Programming the Router - HTTPS Service

The service used to publish sensitive and non-public information is based on HTTPS, or Hypertext Transfer Protocol over Secure Sockets Layer.  Port 443 is the standard Internet port that is related to this service.  This means that when https://www.microsoft.com/ is typed in the browser, port 443 is automatically used.

Depending on what type of information needs to be made available by the website, rules must be configured in the router to instruct it what it should do for each type of request.  All routers are initially programmed to reject any request for information from the Internet.  They only permit outgoing traffic and responses to the outgoing traffic.

To allow computers to connect to a website via the Internet, an inbound or WAN to LAN rule must be defined in the router for the HTTPS service.  This rule permits public HTTPS traffic to reach the web server.  In general a rule encompasses five components.

  • The type of service or protocol, i.e. (HTTPS);
  • The direction of the service, i.e. (from WAN to LAN);
  • The port, i.e. (Port 443);
  • The computer that provides the information for the service, i.e. (the WHS); and
  • The time period that the rule is in effect, i.e. (Always).

Programming a rule for HTTPS is similar to programming an HTTP rule.  The differences are the type of service and the Internet port.  To allow computers to establish a secure connection to the WHS website via the Internet, an inbound rule must be created in the router for the HTTPS service.  Port 443 is the standard Internet port that is related to HTTPS.  This rule permits public HTTPS traffic to reach the home server.

To configure the HTTPS rule in the router, click Firewall and then click the Access Rules option.  Since we want to define a WAN to LAN rule, click the configure icon at the intersection of WAN and LAN in the access rules matrix.

To add a WAN to LAN rule for HTTPS, click the Add button.  Click the Allow radio button for action.  Select the HTTPS option for service, the All WAN IP option for source, the name of the WHS option for destination, the All option for users allowed, and the Always on option for schedule.  A comment can be added for the rule.  Note that the WHS, Earth in our example, was previously defined as an address object.  Click the OK button to save the configuration settings.

The public port 443 is the Internet default for HTTPS.  The WHS listens for HTTPS requests on port 443 but cannot hear any requests directly from the Internet because the router is blocking the traffic.  By associating the public port 443 with the private port 443 the rule allows HTTPS requests to be passed through to the WHS.

In our example the WHS is used as the web server.  The WHS has been defined as an address object and assigned a private IP address of 192.168.145.30.
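The router behaviour described in this section (default deny from the WAN, outgoing traffic and its responses allowed, one explicit WAN to LAN rule with the five components listed above, and public port 443 mapped to the WHS's private port 443), as an added example that is not part of the original post and not the SonicWALL's own logic.  The network addresses and packets are constructed; the WHS address 192.168.145.30 is the one used in the article.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Set, Tuple

# Constructed to match the article's example network: the WHS ("Earth") has the
# static private address 192.168.145.30 on the LAN behind the router.
LAN = ip_network("192.168.145.0/24")
WHS = "192.168.145.30"
SERVICES = {"HTTP": 80, "HTTPS": 443}        # service name -> standard public port


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class AccessRule:
    """The five components of a rule as the article lists them."""
    service: str                                  # e.g. "HTTPS"
    direction: Tuple[str, str]                    # e.g. ("WAN", "LAN")
    destination: str                              # address object, here the WHS
    private_port: Optional[int] = None            # defaults to the service's public port
    schedule: Callable[[int], bool] = lambda _hour: True   # "Always on"

    @property
    def public_port(self) -> int:
        return SERVICES[self.service]


def zone_of(addr: str) -> str:
    return "LAN" if ip_address(addr) in LAN else "WAN"


@dataclass
class Firewall:
    rules: List[AccessRule] = field(default_factory=list)
    flows: Set[Tuple[str, int, str, int]] = field(default_factory=set)

    def evaluate(self, pkt: Packet, hour: int = 12) -> Tuple[str, Optional[str]]:
        """Return ("allow", "ip:port") or ("deny", None) for one packet.

        hour is the hour of day (0-23) used to evaluate the rule's schedule.
        """
        src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
        if src_zone == "LAN":
            # Outgoing traffic is permitted by default; remember the flow so the
            # remote side's responses are let back in.
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "allow", f"{pkt.dst}:{pkt.dport}"
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows:
            return "allow", f"{pkt.dst}:{pkt.dport}"   # response to LAN-initiated traffic
        # Anything else arriving from the WAN needs an explicit inbound rule.
        for rule in self.rules:
            if (rule.direction == (src_zone, dst_zone)
                    and rule.public_port == pkt.dport
                    and rule.destination == pkt.dst
                    and rule.schedule(hour)):
                target_port = rule.private_port or rule.public_port
                return "allow", f"{rule.destination}:{target_port}"
        return "deny", None


def build_example_firewall() -> Firewall:
    """The single WAN-to-LAN HTTPS rule the article configures for the WHS."""
    return Firewall(rules=[AccessRule("HTTPS", ("WAN", "LAN"), WHS)])
```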

Defining a HTTPS rule permits the WHS to act as a web server and to respond to requests for web content.  Most routers provide stateful packet inspection or SPI to perform a cursory inspection of the packet for damage or alteration.  In Part 8 we identified the vulnerabilities and threats that are associated with SPI.  We recommended using a router that performs deep packet inspection that can identify malicious programs and other attempts to gain unauthorized access to the server.

Understanding WHS User Accounts and Remote Access

The user accounts that are created on the WHS permit either full or read access to files contained in shared folders on the home server.  The account can be enabled so that the home server can be accessed remotely by using an Internet browser.  The user account's access permissions to shared folders do not discriminate whether the user connects locally to the WHS with the local area network or remotely using the Internet.  This means that if the user has full permission to a shared folder, the user can read, delete, or upload files from any computer.

If the user's computer is a laptop whose configuration is managed by the administrator and is a member of the WHS's local area network, then the computer is trusted.  The administrator is aware of the computer's compliance with security policies such as anti-virus and firewall configuration.  As long as the user complies with safe computing practices and maintains password security, there is less of a chance of a threat to the WHS and network.  A vulnerability exists if the computer is lost or stolen.

If other computers are used to access the WHS and the administrator cannot validate the security configuration, then the computers cannot be trusted.  The user can use computers that are available to the public.  Or computers owned by friends or other businesses can be used.  In any case, compliance with security policies cannot be verified and there is a greater threat to the WHS and network.

The administrator may consider using different types of user accounts based on local and remote access to the WHS.  The user account for remote access could enforce read only access to all shared folders or reduce the number of shared folders that can be read.

Using WHS Remote Access

After the user accounts, the WHS, and the firewall router are configured, users can access files located on the WHS by using an Internet browser.  In our example we type myserver.homeserver.com in the address bar of a browser.  The Windows Home Server Web Site log on page displays.  Click the Log On button.  The WHS Remote Access page uses HTTPS to secure the log on transaction.  Enter the user name and password and click the Log On button.


When a user successfully logs on to the Windows Home Server, all activity during the session is secured by HTTPS.  The remote access main page displays the options that are based on the user's access permissions.  In our example, there is a computer, shared folder, and log off option.

By clicking on the Computers option, the remote access to computers page displays the computers on the WHS network that the user is permitted to access.  In our example, the user does not have permission to access computers by remote access; however, the user is permitted to administer the WHS.  We do not recommend granting permission to access computers by remote access.  Part 12 discusses this topic and provides alternative options.

When the user clicks on the Shared Folders option, the remote access to shared folders displays all the folders on the WHS that the user is permitted to access.  The following displays the shared folders that are available to our user.


The user can interact with the files in each folder based on the access permissions assigned by the administrator.  In this example, the user has full permissions to the Chuck folder.  The following is a portion of the files that are stored in the folder.

Since the user has full permission to this folder, the user can read, delete, update, or upload files.  In our example, the user has similar permissions while using a computer that is networked with the WHS, and the user understands the ramifications of their actions.

The following is an example of the user performing a file upload to the WHS.

We recommend that granting full access to folders to a user be highly limited, especially when the user is granted remote access to the folder.  While there are many benefits to being able to remotely access files on the WHS by using an Internet browser, there are several threats and vulnerabilities that are associated with this type of access.  The user can inadvertently delete files or can upload a file that is infected with a virus.  There is no guarantee that when another computer is used to access the WHS it is fully protected from viruses or other types of malware.  To counteract this vulnerability we highly recommend using a router that is capable of deep packet inspection and can detect viruses or spyware in files that are uploaded to the WHS.

When the user is finished with their remote access session, they can click the Log Out button.  The remote access log on page is displayed with a message confirming the log out action.  The browser's Back button cannot be used to access the WHS.  The user would have to enter their user name and password to re-access the WHS.

Home Server Land's Recommendation:

We at Home Server Land make the following recommendations to enhance the security of your computer and your privacy as it applies to web access and hosting threats.

  • Purchase a firewall router that is capable of performing deep packet inspection (DPI) and virus detection;
  • Install anti-virus program on every network computer and use the Windows Firewall or equivalent;
  • Do not use computers that are available to the public for sensitive, personal, and proprietary information;
  • Do not enter sensitive, personal, or proprietary information in a browser unless the website is secured by HTTPS;
  • Require user authentication with strong passwords and encryption when hosting sensitive private information;
  • Disable the Windows Home Server Guest account;
  • Limit users' full access permission to shared folders; and
  • Do not enable remote access to computers.

This part identified threats that are associated with secured website publishing.  The security plan should be updated to identify threats specific to your WHS and network and address methods to manage these threats.  We have developed the HTTPS and Secure Web Hosting Threats Risk Assessment to assist with the identification and methods that can reduce threats we identified.  The Threat and Risk Assessment Worksheet can be used to document the threats that have been identified and used as a basis to manage them.  Both documents are attached at the end of this blog.

Summary

This concludes Part 10 of Securing Your WHS & Network.  This part identified the risks and benefits of using the Internet to share private and personal information.  Methods of protecting your personal and private information as it travels across the Internet were explained.  We discussed the role played by the administrator to balance the need to permit authorized users to access information with the need to protect it.

We explained how the Windows Home Server and network can be configured to increase the security of your files.  The router's HTTPS rule and the WHS user permissions and remote access configuration were explained.  The router is the first line of defense to protect the WHS and network from attacks by unauthorized people.  We recommend that a router that is capable of DPI and virus detection be used.

Our next part, Friends and Family Threats, addresses issues that are related to sharing files with friends and other family members.  The role of the administrator is explained.  Alternative methods that can reduce the administrative burden while maintaining a secured environment are proposed.  The result is to ensure that files on the WHS are available to those identified by the administrator.

In the meantime, we invite your discussion, ideas, or comments in response to this blog.
