RE: Timbuktu, etc.
From: Benjamin D. Goldman (bgoldman_at_kipany.com)
Date: 05/08/03
- Previous message: Ben Dumke: "RE: p2p and ISA"
- Maybe in reply to: Jamey Maze: "Timbuktu, etc."
- Next in thread: Andrey E. Lerman: "Re: Timbuktu, etc."
- Reply: Andrey E. Lerman: "Re: Timbuktu, etc."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 8 May 2003 11:01:44 -0400 To: "Jamey Maze" <jamey@hush.com>, <focus-ms@securityfocus.com>
try running any of your remote programs over an SSH tunnel - but we have
to leave it to the community to tell you how ;)
-----Original Message-----
From: Jamey Maze [mailto:jamey@hush.com]
Sent: Wednesday, May 07, 2003 2:57 PM
To: focus-ms@securityfocus.com
Subject: Timbuktu, etc.
My company's sysadmins use Timbuktu to access their Windows servers.
If they use NTLM authentication with Timbuktu, it would seem they're
secure to that point. But when they login to Windows, I would guess
those
keystrokes could be sniffed off the network. Has anyone looked closely
enough at Timbuktu to know if that's true?
So if I wanted to improve this scenario, I'm thinking we could use two-
factor authentication or some sort of secure tunnel. VPN might not be
a big win since this traffic is all internal.
Would like to hear what strategy others are using to provide secure
access
to Windows servers?
Thanks!
Jamey
------------------------------------------------------------------------
-----
FastTrain has your solution for a great CISSP Boot Camp. The industry`s
most
recognized corporate security certification track, provides a
comprehensive
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization
of pertinent security tools. For a limited time you can enter for a
chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-focus-ms
------------------------------------------------------------------------
------
-----------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-focus-ms
------------------------------------------------------------------------------
- Previous message: Ben Dumke: "RE: p2p and ISA"
- Maybe in reply to: Jamey Maze: "Timbuktu, etc."
- Next in thread: Andrey E. Lerman: "Re: Timbuktu, etc."
- Reply: Andrey E. Lerman: "Re: Timbuktu, etc."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
