RE: pcAnywhere question
From: Eric McCarty (eric_at_piteduncan.com)
Date: 12/02/04
- Previous message: Richard Windmann: "RE: deny access"
- Maybe in reply to: Shawn Wall: "RE: pcAnywhere question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 2 Dec 2004 10:20:42 -0800 To: "Travis Foley" <travis.foley@gmail.com>, "Greg Robinson" <greg.robinson@maxsyscomputers.com>
If you must put pcAnywhere on a non-firewalled interface I highly
suggest using the built in PcAnywhere encryption as well as ensuring you
are using the latest version with any/all patches. However on a side
note, why would u do this?. I would suggest you firewall the connection,
setup NAT/a PcAnywhere rule to allow this traffic and let that be that,
implement a
VPN for additional protection if need be.
I honestly can't think of any reason a computer would be connected
directly to the internet without the protection of a firewall or at
least a NAT-capable Router.
Eric
P.S. I also highly recommend GoToMyPc, It uses a password to get to the
site and a password for each PC and the monthly fee is cheap. Plus it
uses Citrix-like technology so it works well even on low-speed
connections.
-----Original Message-----
From: Travis Foley [mailto:travis.foley@gmail.com]
Sent: Wednesday, December 01, 2004 11:11 AM
To: Greg Robinson
Cc: security-basics@securityfocus.com
Subject: Re: pcAnywhere question
They'll tunnel it over SSH, not SSL... a MUST if you're going to use any
implementation of VNC.
Good idea on the dial in, may wanna configure for call back security at
a minimum though and make sure you cannot dial out from the server...
that would be a big sec risk, basically would circumvent your local
network security.
On Mon, 29 Nov 2004 23:11:34 -0500, Greg Robinson
<greg.robinson@maxsyscomputers.com> wrote:
> Ivan,
>
> Have you considered using a dial-up connection into your server? I
> know that it is a little slow, but it's much more secure and will
> allow you access in the event that the internet connection is lost. I
> work for a large Fortune 500 company, and our shipping servers are
> remotely administered by the parcel company's tech staff with no
> problems. If you needed to, you could then enable a network VNC-type
connection.
>
> I'd research gotomypc.com as well. I believe they tunnel everything
> over SSL, giving you nearly full functionality remotely.
>
> Just some thoughts!
> Greg Robinson, CCNA
> MaxSys Computers
>
>
>
> -----Original Message-----
> From: Ivan C [mailto:incman@hotmail.com]
> Sent: 29 November 2004 00:05
> To: security-basics@securityfocus.com
> Subject: pcAnywhere question
>
> Hi All,
> Looking at deploying pcAnywhere on the internet facing interface of a
> windoz
>
> 2000 server for remote management and would like any feed back as to:
>
> - the vulnerabilities of the pcanywhere application
> - can the login be brute forced
>
> any other feedback is appreciated
>
> Thanks
> Henry
>
> _________________________________________________________________
> Click here for the latest chart ringtones:
> http://ringtones.com.au/ninemsn/control?page=/ninemsn/main.jsp
>
>
- Previous message: Richard Windmann: "RE: deny access"
- Maybe in reply to: Shawn Wall: "RE: pcAnywhere question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
