RE: Timbuktu, etc.

From: Benjamin D. Goldman (bgoldman_at_kipany.com)
Date: 05/08/03

  • Next message: Marc Fossi: "Article Announcement: Starting from Scratch: Formatting and Reinstalling after a Security Incident"
    Date: Thu, 8 May 2003 11:01:44 -0400
    To: "Jamey Maze" <jamey@hush.com>, <focus-ms@securityfocus.com>
    

    try running any of your remote programs over an SSH tunnel - but we have
    to leave it to the community to tell you how ;)

    -----Original Message-----
    From: Jamey Maze [mailto:jamey@hush.com]
    Sent: Wednesday, May 07, 2003 2:57 PM
    To: focus-ms@securityfocus.com
    Subject: Timbuktu, etc.

    My company's sysadmins use Timbuktu to access their Windows servers.
    If they use NTLM authentication with Timbuktu, it would seem they're
    secure to that point. But when they login to Windows, I would guess
    those
    keystrokes could be sniffed off the network. Has anyone looked closely
    enough at Timbuktu to know if that's true?

    So if I wanted to improve this scenario, I'm thinking we could use two-
    factor authentication or some sort of secure tunnel. VPN might not be
    a big win since this traffic is all internal.

    Would like to hear what strategy others are using to provide secure
    access
    to Windows servers?

    Thanks!
    Jamey

    ------------------------------------------------------------------------
    -----
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s
    most
    recognized corporate security certification track, provides a
    comprehensive
    prospectus based upon the core principle concepts of security. This ALL
    INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
    utilization
    of pertinent security tools. For a limited time you can enter for a
    chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ------------------------------------------------------------------------
    ------

    -----------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
    of pertinent security tools. For a limited time you can enter for a chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ------------------------------------------------------------------------------


  • Next message: Marc Fossi: "Article Announcement: Starting from Scratch: Formatting and Reinstalling after a Security Incident"

    Relevant Pages

    • RE: p2p and ISA
      ... allow the user to install the application. ... > recognized corporate security certification track, ... This ALL INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter ...
      (Focus-Microsoft)
    • RE: Share Point?
      ... Sharepoint actually has the ability to use either Domain logins or locally ... Has anyone here tested Share Point's security? ... >INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter for a chance ...
      (Focus-Microsoft)
    • Re: GUIs for Win32 Snort?
      ... Do you Yahoo!? ... > recognized corporate security certification track, ... > of pertinent security tools. ... This ALL INCLUSIVE curriculum utilizes ...
      (Security-Basics)
    • RE: block internet at two workstations
      ... The removal of a default gateway or DNS entry from the ... host itself would also work but if these people know anything about ... >prospectus based upon the core principle concepts of security. ... >INCLUSIVE curriculum utilizes lectures, ...
      (Security-Basics)
    • RE: p2p and ISA
      ... A tool we use for managing our bandwidth is Packeteer's Packetshaper. ... prospectus based upon the core principle concepts of security. ... INCLUSIVE curriculum utilizes lectures, ... of pertinent security tools. ...
      (Focus-Microsoft)