This article describes some best practices and security issues to consider when you configure Windows Live Sync on a network.
Sync is a Windows Live service. If you use Sync incorrectly, you might unintentionally disclose information on a network.
Windows Live Sync is a free service that is designed to help you do the following:
- Synchronize files across all the computers that you use.
- Share files and photos with friends, coworkers, and family.
- Remotely access your files from any other computer that is connected to the Internet.
If you have more than one computer, you can create personal folders to synchronize files between them. You can also share files with friends or colleagues when you create a shared folder or connect your computer to a shared folder.
For more information about Sync, visit the following Web site:
The following best practices address the security considerations of system administrators who have Sync installed on their networks:
- If your organization has filtering enabled on a firewall, you can effectively block outgoing traffic to Sync. To permanently block the Sync satellite from running in a particular environment, block access to the following host name on port TCP/443:
connect.sync.live.net
- Block incoming and outgoing connections at the network perimeter, such as at the firewall or at the proxy server. You can also enforce software restriction policies through the Active Directory directory service to prevent Sync from running.
For more information about software restriction policies, visit the following Microsoft TechNet Web site:
- Use other security controls to deny outgoing network traffic from workstations. For example, a user must decide which folders to share. If a user does not understand the implications of explicitly sharing information that might be sensitive, revisit your organization's user education and security policies to raise user awareness.
- Make sure that your organization's user education and security policies are updated to explicitly warn users against installing unapproved peer-to-peer software.
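The perimeter block on connect.sync.live.net (TCP/443) described above can be verified from proxy logs. The following is an added example, not part of the original article: it assumes a Squid-style access.log, and the log lines, IP addresses, and function names are constructed for illustration. It lists which workstations attempted Sync connections and whether the proxy denied them.

```python
from collections import defaultdict

SYNC_HOST = "connect.sync.live.net"  # host name given in the article
SYNC_PORT = 443                      # TCP port given in the article

# Constructed sample lines in Squid's native access.log layout (assumed format):
# time elapsed client code/status bytes method target user hierarchy/peer type
SAMPLE_LOG = """\
1262304000.101 120 10.0.4.17 TCP_DENIED/403 3890 CONNECT connect.sync.live.net:443 - HIER_NONE/- text/html
1262304003.552 904 10.0.4.22 TCP_TUNNEL/200 5120 CONNECT connect.sync.live.net:443 - HIER_DIRECT/192.0.2.10 -
1262304007.010 88 10.0.4.17 TCP_MISS/200 1433 GET http://intranet.example/index.html - HIER_DIRECT/192.0.2.20 text/html
1262304009.300 15 10.0.4.31 TCP_DENIED/403 3890 CONNECT CONNECT.SYNC.LIVE.NET.:443 - HIER_NONE/- text/html
1262304011.000 40 10.0.4.40 TCP_TUNNEL/200 900 CONNECT notconnect.sync.live.net:443 - HIER_DIRECT/192.0.2.30 -
"""

def parse_target(target):
    """Return (host, port) from a CONNECT target such as 'host:443', else None."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host.rstrip(".").lower(), int(port)  # normalise case and trailing dot

def audit(log_text):
    """Map each client that tried to reach Sync to its blocked/allowed counts."""
    result = defaultdict(lambda: {"blocked": 0, "allowed": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # Sync uses TCP/443, which a proxy sees as CONNECT
        if parse_target(fields[6]) != (SYNC_HOST, SYNC_PORT):
            continue  # exact host match, so look-alike names are ignored
        code = fields[3].split("/")[0]
        outcome = "blocked" if code == "TCP_DENIED" else "allowed"
        result[fields[2]][outcome] += 1
    return dict(result)

def unblocked_clients(log_text):
    """Clients with at least one Sync connection the proxy did not deny."""
    return sorted(ip for ip, c in audit(log_text).items() if c["allowed"])

if __name__ == "__main__":
    for ip, counts in sorted(audit(SAMPLE_LOG).items()):
        print(ip, counts)
    print("Block not effective for:", unblocked_clients(SAMPLE_LOG))
```

Any client reported by `unblocked_clients` reached the Sync host through a path the block does not cover. Clients that appear only as blocked still have Sync installed and are candidates for the software restriction policy.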