Re: Accessing corporate servers through the web..

From: Steve (securityfocus_at_delahunty.com)
Date: 11/17/03

  • Next message: Florian Streck: "Re: Crypto Question" 
    To: "Ronish Mehta" <sf_mail_sbm@yahoo.com>, <security-basics@securityfocus.com>
Date: Mon, 17 Nov 2003 12:14:49 -0500

    I am probably not answering your question, but you really would want to set
    up a bastion host that allows you to connect to that host securely and then
    run those utils from there.

    But to answer your questions directly it looks like you have somewhat
    answered them yourself.

    (a) Telnet
    SSH would be more secure
    Telnet communications not secure

    (b) FTP
    SFTP more secure

    (c) Terminal Services (win 2K server)
    Can use encryption.

    (d) VNC (win 2K server)
    Not sure about any encryption.

    One place I worked we (the IT admin group) connected securely to a desktop
    we had configured in Citrix and then had all the tools we needed on there,
    functioned like a bastion host with a GUI.

    ----- Original Message -----
    From: "Ronish Mehta" <sf_mail_sbm@yahoo.com>
    To: <security-basics@securityfocus.com>
    Sent: Friday, November 14, 2003 6:41 AM
    Subject: Accessing corporate servers through the web..

    Hi,
    What are the security implications of allowing a
    server to be accessed from the Web using:

    (a) Telnet (on a Linux machine): (password is sent in
    clear text, may be captured by a potential hacker,
    anyother risks?)

    (b) FTP (default FTP service on a Linux machine)

    (c) Terminal Services (win 2K server)

    (d) VNC (win 2K server)

    Thanks for ur help,
    Rgds

    __________________________________
    Do you Yahoo!?
    Protect your identity with Yahoo! Mail AddressGuard
    http://antispam.yahoo.com/whatsnewfree

    ---------------------------------------------------------------------------
    Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    The Presidio integrates PGP data encryption and XML Web Services security to
    simplify the management and deployment of PGP and reduce overall PGP costs
    by up to 80%.
    FREE WHITEPAPER & 30 Day Trial -
    http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    The Presidio integrates PGP data encryption and XML Web Services security to
    simplify the management and deployment of PGP and reduce overall PGP costs
    by up to 80%.
    FREE WHITEPAPER & 30 Day Trial -
    http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    ----------------------------------------------------------------------------

  • Next message: Florian Streck: "Re: Crypto Question"

    Relevant Pages

    • RE: PGP email encryption
      ... There IS a web client to PGP, and one way to use "email encryption" in PGP ... is to have the PGP server catch the ... > someone receives a notification that a secure email message has been sent ...
      (Security-Basics)
    • Re: Ex 07 Route outbound email differently based on sender?
      ... have the ability to send secure email, but it's not allways to predefined set ... What we're looking at is using the PGP Universal Gateway Email system. ... then lets the recipient know that they need access the web site on our server ... The problem is that we're only licensed on the PGP product for 100 users. ...
      (microsoft.public.exchange.connectivity)
    • Re: PGP email encryption
      ... > for the easiest way to send encrypted emails over the internet. ... > secured email server with web access. ... secured email server is NOT the same as a pgp server ... > someone receives a notification that a secure email message has been sent to ...
      (Security-Basics)
    • Re: Server Side PGP Encryption for Email - to send form results?
      ... I have found a host that offers the server side pgp and I had a pretty good ... I will be putting my form on ssl and storing the results on the secure ... > RSA x509 and Open PGP standards. ...
      (microsoft.public.frontpage.programming)
    • Re: Accessing corporate servers through the web..
      ... Is the server behind any firewall, or its just connected on i-net? ... > simplify the management and deployment of PGP and reduce overall PGP costs ... The Presidio integrates PGP data encryption and XML Web Services security to ...
      (Security-Basics)
    • Quantcast