Re: XP Firewall on Modem Connection for PC Anywhere?

From: Duane Arnold (notme_at_notme.com)
Date: 01/19/04

    Date: Mon, 19 Jan 2004 05:28:02 GMT
    
    

    mikeweb@curtiscirc.com (pcguys) wrote in
    news:1ce5fd6a.0401181913.71a9b01c@posting.google.com:

    > I'd like to set up a modem on an XP Pro workstation, and let an
    > employee from home dial-in and remotely control his pc using PC
    > Anywhere.
    >
    > Any security issues?

    You can also do this with NetMeeting's Remote Desktop Sharing which is
    part of the NT based O/S. NMRDS can be placed into a secure connection
    between machines. PCanywhere can be placed into a secure connection as
    well.

    >
    > If the home user was infected with the blaster virus, for example,
    > could it spread to our network through the modem connection?

    Sure it can, because inbound ports using NMRDS or PCAW on the host
    machine will be open and a self replicating worm dropping a payload on
    the host can come down the inbound port from a compromising machine,
    since the host machine will be doing File and Print Sharing on the
    network and can compromise machines on the network.

    >
    > If so, could a 'firewall' be set up on the modem connection, so only
    > the pcanywhere port passes through? E.g. could all ports except the
    > pc anywhere port be blocked on a modem connection?

    With the host based FW on the host based NMRDS or PCAW machine, you
    should be able to set rules for the inbound ports. But you would also
    have to set rules on the host machine to allow traffic for 137 and 138
    UDP and 139 and 445 TCP so that the NT based host machine can share
    resources on the network, but limit IP(s) on the ports to IP(s) on your
    network.

    On the other hand, you could face the situation below.

    http://computercops.biz/article1361.html

    If it were me, I would not allow the user to direct dial the host
    machine. I would get them a Broad Band or DSL connection and make them
    come in that way.

    Secondly, I would get a laptop that I configured and locked down so that
    the user couldn't change the settings and give it to him or her for this
    usage.

    Thirdly, I would not use any RDS software on machines, unless it was
    behind a secure network. I would be using VPN software such as AT&T
    Extranet and make any user who needed connection from outside the company
    network use it and come in that way, which would make that machine part
    of the network.

    Duane :)
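
Added example, not part of the original post: a small model of the inbound rule set the reply describes (remote-control port open, 137/138 UDP and 139/445 TCP limited to LAN addresses, everything else dropped), checked against constructed traffic. The subnet 192.168.10.0/24, the peer addresses, and the pcAnywhere ports 5631/TCP and 5632/UDP (the product's usual defaults, not stated in the thread) are assumptions.

```python
import ipaddress
from typing import NamedTuple

LAN = ipaddress.ip_network("192.168.10.0/24")   # assumed office subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    proto: str
    port: int
    allowed_src: ipaddress.IPv4Network
    note: str

# Inbound allow-list; anything not matched is dropped (default deny).
RULES = [
    Rule("tcp", 5631, ANY, "pcAnywhere data (assumed default port)"),
    Rule("udp", 5632, ANY, "pcAnywhere status (assumed default port)"),
    Rule("udp", 137, LAN, "NetBIOS name service"),
    Rule("udp", 138, LAN, "NetBIOS datagram"),
    Rule("tcp", 139, LAN, "NetBIOS session"),
    Rule("tcp", 445, LAN, "SMB over TCP"),
]

def check_inbound(proto, port, src, rules=RULES):
    """Return (verdict, reason) for one inbound packet."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r.proto == proto and r.port == port:
            if addr in r.allowed_src:
                return "ALLOW", r.note
            return "DROP", f"{r.note}: source {src} outside {r.allowed_src}"
    return "DROP", "no rule (default deny)"

def audit(rules=RULES):
    """Flag file-sharing ports that are reachable from outside the LAN."""
    sharing = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}
    return [r for r in rules
            if (r.proto, r.port) in sharing and not r.allowed_src.subnet_of(LAN)]

# Constructed sample traffic: dial-up peer 10.99.0.2, LAN peer 192.168.10.25.
SAMPLES = [
    ("tcp", 5631, "10.99.0.2"),      # remote-control session from home
    ("tcp", 135,  "10.99.0.2"),      # RPC port the Blaster worm spread over
    ("tcp", 445,  "10.99.0.2"),      # SMB attempt from the dial-up side
    ("tcp", 445,  "192.168.10.25"),  # file sharing from an office machine
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", *check_inbound(*pkt))
    print("sharing ports exposed beyond LAN:", audit())
```

The port filter only narrows what the dial-up peer can reach directly; it does not inspect what happens inside the permitted remote-control session.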

