Re: Timbuktu, etc.
From: Andrey E. Lerman (lae_at_lae.pp.ru)
Date: 05/09/03
- Previous message: Benjamin Meade: "RE: (prevent + detect Arp spoofing) + Securing Terminal Services"
- In reply to: Benjamin D. Goldman: "RE: Timbuktu, etc."
- Next in thread: Jamey Maze: "RE: Timbuktu, etc."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 9 May 2003 14:36:59 +0400 To: "Benjamin D. Goldman" <bgoldman@kipany.com>
On Thu, May 08, 2003 at 11:01:44AM -0400, Benjamin D. Goldman wrote:
> try running any of your remote programs over an SSH tunnel - but we have
> to leave it to the community to tell you how ;)
That works with OpenSSH from cygwin and PuTTY. You can even run sshd as
service with srvany. But SSH is Unix service and the purpose of it is
actually different from providing encrypted tunnels.
The more elegant solution I found is Zebedee
(http://www.winton.org.uk/zebedee/). This free tool runs natively as
service and is relatively easy to configure (once you get the
concept). It does not really require installation, so I created config
files and a .bat file for automated deployment. I have successfully used
Zebedee to tunnel VNC and pop3 connections.
One question remains is the security of such a solution. The
documentation is scarce in explaining the protocol and security
measures taken. Dependency of Unix version of Zebedee on openssl and words
such as "Blowfish" and "Diffie-Hellman" provide some optimism though.
The security history is currently clean, but that may just mean what
this tool is not as widely used as OpenSSH, for example.
> -----Original Message-----
> From: Jamey Maze [mailto:jamey@hush.com]
> Sent: Wednesday, May 07, 2003 2:57 PM
> To: focus-ms@securityfocus.com
> Subject: Timbuktu, etc.
>
>
>
> My company's sysadmins use Timbuktu to access their Windows servers.
> If they use NTLM authentication with Timbuktu, it would seem they're
> secure to that point. But when they login to Windows, I would guess
> those
> keystrokes could be sniffed off the network. Has anyone looked closely
> enough at Timbuktu to know if that's true?
>
> So if I wanted to improve this scenario, I'm thinking we could use two-
> factor authentication or some sort of secure tunnel. VPN might not be
> a big win since this traffic is all internal.
>
> Would like to hear what strategy others are using to provide secure
> access
> to Windows servers?
>
> Thanks!
> Jamey
-- Andrey Lerman | E-mail: lae@lae.pp.ru | ICQ#: 9418370 | PGP: 0xA18E5420 ----------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry`s most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-focus-ms ------------------------------------------------------------------------------
- Previous message: Benjamin Meade: "RE: (prevent + detect Arp spoofing) + Securing Terminal Services"
- In reply to: Benjamin D. Goldman: "RE: Timbuktu, etc."
- Next in thread: Jamey Maze: "RE: Timbuktu, etc."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
