RE: VNC over SSH (was: Remote Administration on W2K)

From: phoebe (phoebe@tollon.net)
Date: 08/01/01 

Message-ID: <2FED382C6774D411B0F60000E229E4D214B853@localhost>
From: phoebe <phoebe@tollon.net>
To: "'Perciaccante, Robert'" <Robert.Perciaccante@dowjones.com>
Subject: RE: VNC  over SSH (was: Remote Administration on W2K)
Date: Wed, 1 Aug 2001 10:12:56 +0100

Hi,

Could you please give me advice how to disable "administrator" account login
through SSH to a Windows 2000 computer ?

I tried to add the following entry to sshd_config file, but it still doesn't
work.

PermitAdministratorLogin no

Please help !!!

Thanks,

Regards,
Phoebe

-----Original Message-----
From: Perciaccante, Robert [mailto:Robert.Perciaccante@dowjones.com]
Sent: 31 July 2001 13:45
To: 'SECURITY-BASICS@securityfocus.com'
Subject: VNC over SSH (was: Remote Administration on W2K)

One of the nice features of VNC (at least I have done this on Win32
platform, but I am sure it is the same on *nix as well) is that you can
configure VNC to listen only to the localhost address (127.0.0.1)... By
connecting to the remote box via SSH, and incorporating port forwarding, you
can use VNC over an established SSH tunnel, ensuring that passwords, etc are
encrypted. The additional plus is the fact that the VNC service is not
present on the network (identifiable via port scanning) and unless you have
the ability to SSH to that device, it is not possible for you to connect VNC
(ports 5800 and 5900 if memory serves me correctly) to brute force access.

This is not something I would recommend in a wide scale environment, but it
works well for secure administration of a device that is not located at your
location (I have seen it used to admin boxes in Hong Kong from NY)

---------------------------
Robert Perciaccante
Information Security
Dow Jones and Company
4300 Rt 1 North
South Brunswick, NJ 08852
Phone: (609) 520-5208
Fax: (609) 520-5409
Email: robert.perciaccante@dowjones.com

-----Original Message-----
From: Kirk Ellsworth [mailto:kirk@dngnet.com]
Sent: Monday, July 30, 2001 11:33 AM
To: De ***, Joost; Ryan McDonnell; SECURITY-BASICS@securityfocus.com
Subject: RE: Remote Administration on W2K

VNC is Free!
Try it.

-----Original Message-----
From: De ***, Joost [mailto:Joost.De.***@eu.sony.com]
Sent: Friday, July 27, 2001 3:18 AM
To: 'Ryan McDonnell'; SECURITY-BASICS@securityfocus.com
Subject: RE: Remote Administration on W2K

I use Funk proxy remote control

www.funk.com

It's fast and powerful, I really love it, and I've been told it's more
secure then PCAnywhere. You can download the trial, so I advice you try
it.

.
|oos|~

-----Original Message-----
From: Ryan McDonnell [mailto:ryan@ocwebsolution.com]
Sent: Thursday, July 26, 2001 11:57 PM
To: SECURITY-BASICS@securityfocus.com
Subject: Remote Administration on W2K

I wanted to get an idea of what full-system remote administration
programs people recommend for internet servers. Mainly I've found most
use PCAnywhere or Terminal Services... curious as to which poses less of
a security risk, quicker speed, server resources used, etc.

TIA,

Ryan McDonnnell

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. Sony cannot accept liability for statements made which are
clearly the sender's own and not made on behalf of Sony.
(03)
**********************************************************************

Quantcast