Re: Timbuktu, etc.
From: Joshua Levitsky (jlevitsk_at_joshie.com)
Date: 05/08/03
- Previous message: Thane Walkup: "RE: p2p and ISA"
- In reply to: Jamey Maze: "Timbuktu, etc."
- Next in thread: Benjamin D. Goldman: "RE: Timbuktu, etc."
To: <focus-ms@securityfocus.com>
Date: Thu, 8 May 2003 11:16:04 -0400
----- Original Message -----
From: "Jamey Maze" <jamey@hush.com>
Subject: Timbuktu, etc.
> My company's sysadmins use Timbuktu to access their Windows servers.
> If they use NTLM authentication with Timbuktu, it would seem they're
> secure to that point. But when they login to Windows, I would guess those
> keystrokes could be sniffed off the network. Has anyone looked closely
> enough at Timbuktu to know if that's true?
http://www.netopia.com/en-us/support/faqs/software/tb22000faq.html#encryption
Although Timbuktu Pro has always encrypted the passwords (Timbuktu or NT)
used to actually authenticate the remote control session, prior versions did
not encrypt the remote control data stream, because Netopia's proprietary
graphic protocol was complicated enough to prohibit the easy decoding of
display data. However, since data typed during the remote control session
was only hidden to the extent that the keystrokes were randomly commingled
with other upstream data, these keystrokes were, technically, clear text,
and a potential security hole.
Netopia has now added a security enhancement, available in Timbuktu Pro 2000
and Timbuktu Pro for Macintosh v.5.2.3 and higher, which dynamically
scrambles and encodes all keyboard and mouse data that is sent from the
guest to the host machine on a per session basis.
Based on customer feedback regarding the performance, complexity and cost
issues of implementing a full standards based PKI security solution, we
believe that our current solution offers the best balance between security
and performance. As with all aspects of the Timbuktu product suite, we
remain committed to continuing improvement, and are working with various
security vendors to develop ways to simplify the deployment and maintenance
of an even more comprehensive security solution.
--
Joshua Levitsky, MCSE, CISSP, EMTD
Webhosting: http://jnux.hostingfreaks.com/
Consulting: http://www.jnux.net/