Re: not sure if anyone can help me
From: Doug (dontcontactviaemail_at_not.com)
Date: 04/12/05
- Next message: htredneck: "Re: It's a copier, no it's a computer..."
- Previous message: Doug: "Re: Cisco vs Netscreen for our environment"
- In reply to:(deleted message) Leythos: "Re: not sure if anyone can help me"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 12 Apr 2005 00:23:22 GMT
On Mon, 11 Apr 2005 16:17:15 GMT, Leythos <void@nowhere.lan> wrote:
>On Mon, 11 Apr 2005 08:58:24 -0700, Amber wrote:
>>
>> I installed pcAnywhere on a coworker's computer so she can access her
>> work computer from home, but it is telling me that I have to open the
>> symantec ports on the router and I have no idea how to do that. It is a
>> Lucent Technologies Pipeline router. Can anyone help? Thanks!
>
>Don't do it - if you open the ports on a simple router, you are opening
>them to the WORLD. PcAnywhere is a nice product, but you need to setup a
>VPN to connect between the locations.
>
>If the office has a dedicated IP address you should get a quality router
>that also provides a minimum of PPTP VPN end-point access and let her VPN
>into the office.
>
>--
>spam999free@rrohio.com
>remove 999 in order to email me
>
I second Free's assertion above...
however, if you MUST (for whatever political/financial/whatever
reason) permit such connectivity do at least the bare minimums...
alter the listening ports on PCAnywhere to something nonstandard, and
don't put the two ports close to one another... (however, an
experienced hacker can probably still determine which service is
waiting on your port, even if it is nonstandard)...
also, use the highest level of PCAnywhere encryption possible for your
version and DON'T marry the username and password to the local/domain
user account... make it something unique.
At the very least, you have made your unscrupulous intruders task a
bit more challenging... Also, keep an eye on your firewall logs to
see if any clients are connecting to that host OTHER than the one you
were expecting.... Also, keep in mind, most firewalls do NOT retain
logs for very long... so you may need to set up a syslog server to
keep track of that info... don't worry, that part is easy.
A second affirmation to Free... Don't muck around w/ your firewall
unless you understand what you are doing. Leave that to the "pros"
hahaha.... of which, most aren't even close... also, get them to
document for you what they have done (including any other inbound
permissions they may have enabled)... NOTE, I have noticed MANY
consulting firms these days are permitting straight terminal services
connections to inbound hosts (often servers).... in my arrogant
opinion, DON'T LET THEM DO IT!...
okay,,,, enough ranting...
Thanks,
redneck
- Next message: htredneck: "Re: It's a copier, no it's a computer..."
- Previous message: Doug: "Re: Cisco vs Netscreen for our environment"
- In reply to:(deleted message) Leythos: "Re: not sure if anyone can help me"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
