RE: Remote Administration on W2K

From: Eric Johansen (eric.johansen@reliastar.com)
Date: 07/27/01


From: "Eric Johansen" <eric.johansen@reliastar.com>
To: "'Brian McClory'" <security_resources@hotmail.com>, <SECURITY-BASICS@securityfocus.com>
Subject: RE: Remote Administration on W2K
Date: Fri, 27 Jul 2001 16:05:52 -0500
Message-ID: <003c01c116df$eb513390$98e911ac@sk3tch>

When you speak of terminal services - if by "unnecessary load" you mean
about 4MB of memory and almost zero CPU usage, then you're correct.

I don't understand why anyone would use anything other than the built-in
terminal services in most applications - you can secure the data stream
(128-bit), change the port which it uses
(http://support.microsoft.com/support/kb/articles/Q187/6/23.ASP), lock
it down to individual users, plus you don't have to worry about people
forgetting to log off or lock the box (datacenters are sometimes not as
secure as you think)...

If you're using Windows 2000, you should be using the built-in terminal
services client. It's free with the OS and is perfectly integrated -
why go third party in most circumstances?

Eric

-----Original Message-----
From: Brian McClory [mailto:security_resources@hotmail.com]
Sent: Friday, July 27, 2001 11:19 AM
To: SECURITY-BASICS@securityfocus.com
Subject: Re: Remote Administration on W2K

I would look into VNC by AT&T Labs. It seems to be very light weight,
and most importantly has completely customizable ports, very important
if you will be accessing through a firewall, and also adds a little
security through obscurity. Also, VNC is open source under the typical
GNU License and all the source is provided.

Terminal services is something I strongly discourage. It causes
unnecessary load on the server. I have never been a fan of PCAnywhere.

VNC: http://www.uk.research.att.com/vnc/

Brian P. McClory MCT, CCI, MCSE, MCP+I, CCA, ETC...

"I'm not an actor, I just play one on TV."

On Thu, 26 Jul 2001, Ryan McDonnell wrote:

> I wanted to get an idea of what full-system remote administration
> programs people recommend for internet servers. Mainly I've found
> most use PCAnywhere or Terminal Services... curious as to which poses
> less of a security risk, quicker speed, server resources used, etc.
>
> TIA,
>
> Ryan McDonnnell