RPC

With the advent of BYO it has become fashionable to regard PCs as untrusted devices that should be isolated in a dedicated security zone. Zoning Such an approach has a big advantage: by separating clients from servers it is possible to treat them differently and potentially apply more relaxed security policies - which is a basic requirement for BYO. In a truly BYO-only environment you block everything except Citrix ICA or some other remoting procotol of choice at the firewall and life is good. In real corporate networks things are a bit more complicated, however. Say you want to isolate your managed Windows PCs. In that case you might want to be able to manage them remotely from systems outside the client security zone (e.g. from management terminal servers). And suddenly you have a problem: Windows management protocols, especially RPC and DCOM, are not exactly firewall-friendly.