Windows firewall rpc 135

Tags: firewall, rpc, windows

I'm dealing with a Windows Server 2012 R2 Datacenter. It's a hosted server and fully exposed to the internet, i.e. it only has a public IPv4 address.
This setup is neither my choice nor can I change it – and I am not happy with it. I've been asked to make it "as secure as possible". One thing that puzzles me is Port 135. In Windows Firewall there is an inbound rule "Windows Management Instrumentation (DCOM-In)" with these settings: Profile:All, Enabled:Yes, Action:Allow, LocalAddress:Any, RemoteAddress:Any

My question: Is that secure (enough)? Would it be better to prevent access from external? If so, how do I do it – it seems I can only restrict to IP addresses in the "scope" tab of the settings window or deselect profiles in the "advanced" tab.

Background info: The server is needed for one custom server software only, which could also run on a plain Windows Desktop. So this Windows Server is not even set up as a domain, no roles etc.

Thanks – also if you have any other input you might consider helpful on the subject of dealing with an exposed windows server…

Best Answer

TCP/135 is used for Microsoft RPC. This is a semi-documented protocol that is used by many Microsoft tools AFAIK (DCOM, MAPI (Exchange) etc).

It was initially created to be a local area network protocol, and it is not secure: https://technet.microsoft.com/en-us/library/dd632946.aspx

You almost never need to open it on an external interface. Even if you need to (like accessing Exchange from a remote Outlook) you should use RPC over HTTPS instead.

So, close port 135 on your public server.

MS recommends closing the following ports on external interfaces:

UDP

  • 135
  • 137
  • 138
  • 445

TCP

  • 135
  • 139
  • 445
  • 593

Can't you create a new rule in the Firewall disabling access to this port?
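A PowerShell version of what the answer suggests, added here as an example (it is not code from the question or the answer). It assumes an elevated PowerShell on Server 2012 R2 with the NetSecurity cmdlets, the rule display name quoted in the question, and a hypothetical `$TrustedMgmt` address range from which remote WMI should still be reachable:

```powershell
# Added example, not from the original thread. Restrict the inbound DCOM allow
# rule named in the question and add explicit block rules for the ports the
# answer lists. Assumption: the $TrustedMgmt range is a constructed placeholder;
# leave it empty to disable remote WMI access entirely.

$TrustedMgmt = @()   # e.g. @('203.0.113.0/24'); empty = no remote management at all

$dcom = Get-NetFirewallRule -DisplayName 'Windows Management Instrumentation (DCOM-In)' -ErrorAction Stop

if ($TrustedMgmt.Count -eq 0) {
    # Nothing outside should reach the RPC endpoint mapper: disable the allow rule.
    $dcom | Set-NetFirewallRule -Enabled False
} else {
    # Keep WMI usable, but only from the management range (same effect as the "scope" tab).
    $dcom | Set-NetFirewallRule -RemoteAddress $TrustedMgmt
}

# Explicit block rules for the ports the answer lists. In Windows Firewall a block
# rule takes precedence over an allow rule, so this also neutralises any other
# allow rule that happens to open one of these ports on the public interface.
$blockTcp = 135, 139, 445, 593
$blockUdp = 135, 137, 138, 445

New-NetFirewallRule -DisplayName 'Block RPC/NetBIOS/SMB (TCP-In)' -Direction Inbound `
    -Action Block -Protocol TCP -LocalPort $blockTcp -Profile Any -Enabled True | Out-Null
New-NetFirewallRule -DisplayName 'Block RPC/NetBIOS/SMB (UDP-In)' -Direction Inbound `
    -Action Block -Protocol UDP -LocalPort $blockUdp -Profile Any -Enabled True | Out-Null

# Check: report every enabled inbound allow rule that still references TCP/135 or UDP/135,
# so its RemoteAddress scope can be reviewed. The RPC service keeps listening locally;
# the point is that the firewall no longer lets the public side reach it.
$allowRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
foreach ($rule in $allowRules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.LocalPort -contains '135') {
        "{0}: still allows {1}/135, scope = {2}" -f $rule.DisplayName, $portFilter.Protocol,
            (($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
    }
}
```

The final loop will still list the DCOM rule when `$TrustedMgmt` is non-empty; that is expected, and the printed scope should show only the management range.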