Page 1 of 1
[SOLVED] Separate server and administrator workstations
Published: June 22, 2020 - 4:53 PM
by cam64
Hello,
I have a quick question: why separate the admin workstation and the server workstation? Is it solely for security reasons?
Thank you.
Re: Separating server and administrator workstations
Published: June 22, 2020 - 7:48 PM
by sfonteneau
On a Windows server, the server often also acts as an "admin workstation," but this is indeed discouraged for security reasons.
The server has an open port (443), sometimes even for RDP or other services, which exposes it to an attacker. (A security vulnerability can occur at any time, as we recently saw with SSH and RDP.) Therefore,
it's not recommended for the Windows WAPT server to store the key (c:\private). In case of an attack, the hacker won't be able to deploy ransomware with WAPT (since WAPT verifies packet signatures and actions, this limits the risks).
Conversely, if your admin workstation has the key, it doesn't have any open ports, it's often in a dedicated IT VLAN, and it's often encrypted (BitLocker). When your workstation is turned off, the key is inaccessible.
A cleaner security solution!
Simon
Re: Separating server and administrator workstations
Published: June 23, 2020 - 10:20
by cam64
Very well, thank you for this clarification!
