Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Security RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Where is the security?

    How will you know if someone is using the remote web portal as an attack vector? With the router forwarding packets, the hackers will be around in no time.

    The browser certificate is  not trusted, where's the root certificate? A home user will be intimidated by that 'not trusted' statement.

    Otherwise the install went well and it's really cool.

     

    Dan

    Sunday, March 11, 2007 1:09 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    I cannot immediately speak to the first issue... but with regards to the certificate... this is a known issue on Connect and it's been stated that it'll be resolved before the final release.
    Sunday, March 11, 2007 1:39 AM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
     wilspin wrote:
    How will you know if someone is using the remote web portal as an attack vector? With the router forwarding packets, the hackers will be around in no time.

    The browser certificate is not trusted, where's the root certificate? A home user will be intimidated by that 'not trusted' statement.

    Well, you probably won't know directly. If you suspect you have a problem, you can monitor the Security event log and use a tool to analyse the web logs for attacks. But if you follow reasonable security practices, you probably won't have too much trouble. You should forward the minimum number of ports (which would be 443 and 4125), and use strong security for those users allowed remote access.

    The certificate has two problems. First, it's self-signed. Second, from anywhere outside your home network, it's going to look like it's assigned to a different machine. We are assured that the cert issues will be solved by the time WHS is released.

    Sunday, March 11, 2007 4:06 AM
    Moderator