Security information for Connection Point Services

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security information for Connection Point Services

Before you deploy Connection Point Services (CPS), you should recognize and plan for its specific security requirements. CPS comprises Phone Book Administrator (PBA) and Phone Book Service (PBS). Each component has its own implications, and there are additional security considerations for the interaction between the two programs.

To deploy CPS securely, you must also consider the general security of all of your servers, including your PBS server. For more information about server security, see Security.

When you plan your CPS deployment, you should consider the following:

• Using PBA or PBS. A user must be a member of either the Power Users or the Administrators group in order to use PBA or to start or stop PBS. A user must be a member of the Administrators group to install PBA or PBS. You should limit the membership of the Power Users and Administrators groups to the minimum number of users required to administer the server.

• Managing the File Transfer Protocol (FTP) service. PBA requires FTP to publish and update phone books to the PBS server. The PBS server requires FTP to receive phone books. To increase security, you might want to:

  • Start the FTP service on the computer running PBA immediately before you publish or update a phone book, and stop the service immediately after you finish. Make sure that no processes are using the FTP service before you stop it. For more information about how to start and stop services such as FTP, see Start, stop, pause, resume, or restart a service.

  • Do not enable anonymous access for FTP on your PBS server. Anonymous access is disabled by default when you install PBS, even if it was previously enabled. You should not install PBS on a server that allows anonymous FTP access. You can also check a log file to see who has posted files to that server. For more information, see Set up FTP accounts for known users.

  • Restrict the account that you create on the PBS server for posting phone book data to minimal permissions, and use that account only for posting phone book data. The user posting phone book data to the PBS server must have a user account on that server, the account must have a password, and Write permission to the PBSData virtual directory must be enabled. This user account should be a local user account on the PBS server, not on a domain, even if the PBS server is a member of a domain. For additional security, you should make this user account a member of the Guests group, and you should disable this user account from logging on locally and from logging on through Terminal Services. For more information, see Add a member to a local group, Deny log on locally, and Deny log on through Terminal Services.

  • FTP automatically sends passwords in plaintext. Do not activate the user account that you created for posting phone book data until you are ready to post data, and disable this account as soon as you finish posting data. Consider changing the password for this user account often, possibly after each posting. If one or more PBS servers are directly connected to the Internet without a firewall, you should consider alternatives to using FTP across the Internet. For example, you can host a PBS server inside your network and use file replication over a virtual private network (VPN) connection to update the PBS servers on the Internet. For more information, see Administer phone books and Disable or activate a local user account.

• Protecting phone book files. Phone book files are plain text files that any user can edit with any plain text editor, such as Notepad. Users do not need to be members of the Power Users or the Administrators group to read, change, or delete these files. To minimize the possibility that users might change these files, you might want to:

  • Limit access to the directories that contain phone book files so that only specific users or user groups can change or delete those files. For example, you can change the permissions on the PBA directories to allow only users with administrative credentials to access those directories. By default, any member of the Power Users or the Administrators groups can access the PBS and PBA directories. For more information on securing your PBS and PBA directories, see Set Permissions.

  • If you are issuing a phone book as part of a Connection Manager profile, encourage your users to install the profile for their individual use only (Windows 2000, Windows XP, and the Windows Server 2003 family only). If a user installs a profile for all users, any user can modify or delete phone book information. For more information, see Security information for the Connection Manager Administration Kit.

• Securing Internet Information Services (IIS). PBS requires IIS to function. You should take steps to secure your PBS server, including but not limited to running the IIS Security Wizard. For more information, see Installing IIS.