RE: Secure / Encrypt Terminal Services

From: Stacy Olivas (olivas@digiflux.org)
Date: 11/29/02


From: "Stacy Olivas" <olivas@digiflux.org>
To: <focus-ms@securityfocus.com>
Date: Fri, 29 Nov 2002 11:27:54 +0100

I do this regularly using an SSH tunnel. I connect to my FreeBSD box
running SSHD, and then set up port 3389 forwarding from my machine to the
Win2K box running terminal services. I then fire up the tsc client and
initiate a connection to "localhost" which then uses the SSH tunnel to
forward the connection to the Win2K box.

It's actually a pretty simple setup.

If you want to connect to multiple Terminal servers, just add additional
forwarded ports and change their number on the local end. If you use
the connection manager program (conman) you can export the "connections"
to a file and edit the port you connect on. And then re-import them
back in.

(Sorry if I'm babbling, just woke up and haven't had any coffee yet) :)

-Stacy

-----Original Message-----
From: epic [mailto:epic@surrealideas.com]
Sent: Tuesday, November 26, 2002 10:26 PM
To: ohnonono@hushmail.com; focus-ms@securityfocus.com
Subject: RE: Secure / Encrypt Terminal Services

There was a pretty decent paper on securityfocus about 2 months ago
about doing this a number of ways. I will search and provide the link
below if I find it.

My suggestion would be to use an encrypted tunnel between client and
server, whether this uses an app like stunnel, or a VPN providing
encryption is up to you.

http://online.securityfocus.com/infocus/1629

I have used stunnel, and zebedee to do a few various services using
encryption, and I believe zebedee to work fine for terminal services.
You will want to read the link above.

If you have any questions, let me know.

-----Original Message-----
From: ohnonono@hushmail.com [mailto:ohnonono@hushmail.com]
Sent: Thursday, November 21, 2002 7:22 AM
To: focus-ms@securityfocus.com
Subject: Secure / Encrypt Terminal Services

-----BEGIN PGP SIGNED MESSAGE-----

Does the community have an opinion on which is the best way to do this?
Can it be done via IP-Sec? Basically we have a machine (tripwire
manager) that will have access to all our networks. Due to politics
(gotta love security made insecure by politics) it must be remotely
managed. The CIO (god bless CIOs) has decided that we will use
terminal services. Is there a way to encrypt the traffic so it is not
flying around the network in clear text? Would IP-Sec be the recommended
solution?

Suggestions or links (or gentle shoves) to the information would be
great.

Thanks

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wl0EARECAB0FAj3c67gWHG9obm9ub25vQGh1c2htYWlsLmNvbQAKCRAuXN+1lPsfqYk9
AJ4ndm/CgplNAjJHfTV5oSgPLfoYYwCfYUHT6Cta9Or1jTiu4KGfYokrjYg=
=2bx1
-----END PGP SIGNATURE-----
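
The SSH port forwarding described in Stacy Olivas's reply at the top of this thread, extended to several terminal servers with a different local port for each, as an added example that is not part of any message in the thread. The gateway account, host names and the local port base 13389 are constructed; `-N`, `-L` and `ExitOnForwardFailure` are standard OpenSSH client options.

```shell
#!/bin/sh
# Added example: build one ssh command that forwards a distinct loopback
# port to TCP 3389 on each terminal server behind the SSH gateway.
# Host names, the account and LOCAL_BASE are constructed for illustration.

RDP_PORT=3389      # Terminal Services port named in the thread
LOCAL_BASE=13389   # assumed first local port; later servers count up from it

# build_tunnel_cmd GATEWAY SERVER...
# Prints the ssh command line without running it.
build_tunnel_cmd() {
    if [ "$#" -lt 2 ]; then
        echo "usage: build_tunnel_cmd GATEWAY SERVER..." >&2
        return 1
    fi
    gateway=$1; shift
    port=$LOCAL_BASE
    # -N: no remote shell, forwarding only.
    # ExitOnForwardFailure: stop if a local port cannot be bound, instead
    # of leaving a session up with a forward silently missing.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for server in "$@"; do
        # Bind to 127.0.0.1 explicitly so other hosts on the client's
        # network cannot reach the terminal server through this machine.
        cmd="$cmd -L 127.0.0.1:$port:$server:$RDP_PORT"
        port=$((port + 1))
    done
    printf '%s %s\n' "$cmd" "$gateway"
}

# client_targets SERVER...
# Prints the address to enter in the Terminal Services client per server.
client_targets() {
    port=$LOCAL_BASE
    for server in "$@"; do
        printf '%s -> localhost:%s\n' "$server" "$port"
        port=$((port + 1))
    done
}

# Constructed sample: one SSH gateway and two Win2K terminal servers.
build_tunnel_cmd admin@gw.example.net ts1.corp.example ts2.corp.example
client_targets ts1.corp.example ts2.corp.example
```

The SSH tunnel encrypts only the leg between the client and the SSH gateway; from the gateway to each terminal server the session travels as ordinary Terminal Services traffic, so the gateway belongs on the same trusted segment as the servers.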