re: PCanywhere: security of it and operation over DSL/cable modems

From: H C (keydet89@yahoo.com)
Date: 07/23/02


Date: Tue, 23 Jul 2002 09:20:19 -0700 (PDT)
From: H C <keydet89@yahoo.com>
To: security-basics@securityfocus.com


> 1. Has anyone got experience with the security of
> PCanywhere running over a DSL/cable modem connection?

The physical medium isn't really the issue...if it's
IP-based, and accessible, it doesn't matter if it's
satellite, dial-up, on a LAN, or DSL.

> What should I watch out for?

Basic security principles apply...as ever.

> I can use HTTPS as one of the options for the
> connection. Anyone know the encryption level?

What did the vendor say when you checked their web
site or called them? It *is* SSL, so your range of
possible answers would be limited.

As to the issue of encryption...you're concerned about
sniffing, right? Use encryption, by all means, but
one would think that you'd also want to make sure no
one's loaded said sniffer on the LAN on either end...

> 2. How does the software work if it's over a
> broadband connection?

Most likely, pretty much the same way it works over
dial-up...only faster.

> My internal IPs aren't valid for routing. How does
> the software know a connection is being initiated?

B/c you'll have set up routes at your firewall or
router.

> 3. Any better solutions come to mind? I'd rather
> have a PITA setup that's secure than a simple one
> that's not.

No, you wouldn't. The old saying about a wise man
learning from the mistakes of others and the fool
learning from his own applies. PITA solutions get
circumvented, for the very fact that they are PITA.

Really, I don't see the issue here. pcAnywhere has
encryption, so set it up on the host, and have a
strong password. Or, tie the authentication to the NT
domain (if that's what you're using) b/c you should
already have strong passwords...you do, don't you?
Then set up the routes at your firewall or router. If
the person accessing the host has a static IP, you can
have a f/w rule that says to only accept pcAnywhere
connections from that IP, and then forward them to the
host on the inside.

> 4. What security measures should I implement on the
> user's PC to make sure that it's secure as well? I
> won't have physical access to it but for the initial
> setup.

Good question...that's your real concern out of this
entire issue. How do you know that other guy's box
hasn't been compromised? Well, you could have certain
requirements met...minimum settings, etc. Either way,
you're going to have to trust the guy if this is the
solution you're going with.

> I'll be interested in seeing if this gets posted at
> all due to the recent acquisition of securityfocus by
> Symantec. Can't bite the hand that feeds you, I
> guess.

I don't see what you're getting at. Symantec has
stated that it's going to be "hands off" w/ the
companies it's purchased...so why wouldn't your
message get posted? Besides, you didn't make any
overtly derogatory comments about pcAnywhere...so how
were you biting that hand that feeds you?

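The firewall setup described in the reply above (accept pcAnywhere only from the remote user's static IP, then forward it to the inside host), as an added example that is not part of the original post. It assumes a Linux gateway using iptables, pcAnywhere's default ports (TCP 5631 and UDP 5632, which the post does not name), and placeholder addresses and interface name.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that forwards pcAnywhere from ONE remote
# address to ONE inside host. Assumed ports: pcAnywhere defaults, TCP 5631
# (data) and UDP 5632 (status); the post itself names no ports.
PCA_TCP=5631
PCA_UDP=5632

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255,
# so a typo or a CIDR such as 0.0.0.0/0 can never widen the rule.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: gen_pca_rules REMOTE_IP INSIDE_HOST WAN_INTERFACE
gen_pca_rules() {
    remote=$1; host=$2; wan=$3
    valid_ipv4 "$remote" || { echo "bad remote address: $remote" >&2; return 2; }
    valid_ipv4 "$host" || { echo "bad inside host: $host" >&2; return 2; }
    [ -n "$wan" ] || { echo "missing WAN interface" >&2; return 2; }
    # Only packets from $remote are translated; pcAnywhere traffic from any
    # other source is never rewritten toward the inside host.
    cat <<EOF
*nat
-A PREROUTING -i $wan -s $remote/32 -p tcp --dport $PCA_TCP -j DNAT --to-destination $host
-A PREROUTING -i $wan -s $remote/32 -p udp --dport $PCA_UDP -j DNAT --to-destination $host
COMMIT
*filter
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -s $remote/32 -d $host -p tcp --dport $PCA_TCP -j ACCEPT
-A FORWARD -i $wan -s $remote/32 -d $host -p udp --dport $PCA_UDP -j ACCEPT
COMMIT
EOF
}

# Constructed sample values (RFC 5737 / RFC 1918 addresses, interface eth0).
gen_pca_rules 203.0.113.10 192.168.1.50 eth0
```

Review the generated rules before loading them; `iptables-restore --noflush` adds them without clearing the rules already in place.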


