Add a secure GUI to your locked-down Web server
In "Hardening an IIS 4.0 Web Server," October 2001, InstantDoc ID 22282, I explain how to remove services from a Windows NT Server 4.0 system running IIS 4.0 to protect the system from attacks. I also recommend using the Secure Shell (SSH) protocol to communicate with the server. Now, I want to tell you about AT&T Laboratories Cambridge's Virtual Network Computing (VNC), a graphical desktop program that can run on top of SSH to provide secure, remote management of your Web server.
You can also use VNC over SSH with a Windows 2000 Server system running IIS 5.0, but most people will want the better performance and integration of Win2K's bundled RDP and Win2K Server Terminal Services. (Keep in mind, though, that RDP hasn't gone through the intensive peer review that SSH has and therefore might have undiscovered security exposures.)
Installing VNC
VNC is a free GUI program that allows full access to a remote server's console. VNC client and server programs are available for most popular computer architectures. VNC by itself isn't secure: All its communications are in plaintext, and it uses only a weak form of encryption to protect passwords stored in the registry. However, you can tunnel VNC through the more secure SSH protocol, which encrypts all information that goes over the wire and uses its strong authentication model and usernames and passwords that the Windows server provides. For more information about SSH authentication, see the SSH FAQ at http://www.employees.org/~satch/ssh/faq/ssh-faq.html.
Start by downloading VNC 3.3.3.r 9 (the current version) from http://www.uk.research.att.com/vnc. This version works on Win2K, NT, and Windows 9x platforms, as well as on Linux, Solaris, and Mac OS. When you extract the downloaded file, it creates two subdirectories: vncviewer, which contains the client software, and winvnc, which contains the server software. In the winvnc directory, double-click setup.exe to install both the client and server software. After setup has finished, open the VNC program group, which Figure 1 shows, and double-click Run WinVNC (App Mode). At the WinVNC: Current User Properties dialog box, which Figure 2 shows, enter a password for the console sessions and click Apply. In the future, you can click Show User Settings in the VNC program group to open this dialog box.
To set up VNC as a service that runs whenever the server starts, click Administrative Tools in the VNC program group. In the resulting program group, which Figure 3 shows, click Install Default Registry Settings, then click Install WinVNC Service. Start the service and set a password when prompted. Before you continue to the next step, connect from a client to your newly installed server to verify that VNC works.
Next, you need to change VNC to allow only local connections to ensure that VNC will work only through the SSH pipe. After you make this change, you won't be able to use VNC until after you install SSH. Run regedt32.exe and go to the HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 registry subkey. Add the subkey AllowLoopback with the data type REG_DWORD and a hexadecimal value of 1. Then, add the subkey LoopbackOnly with the data type REG_DWORD and a hex value of 1. The first added subkey allows local loopback connections; the second disables all connections other than loopback. Figure 4 shows the HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 subkey with the added subkeys. These registry additions are important because they prevent plaintext VNC traffic and because without them, anyone with a VNC client can access your server. You can download a .reg file that has these settings from the Code Library at http://www.windowswebsolutions.com. After you download the file, click it to install the two subkeys.