Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] PC Anywhere to internal host

To: [email protected]
Subject: RE: [FW1] PC Anywhere to internal host
From: Peter Mueller <[email protected]>
Date: Mon, 23 Oct 2000 13:36:52 -0700
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rodney,

Tried to send direct to you but got a relay denial from velcro...

Recommendation's):
- - NAT with single restricted port.  Log all accesses.  
- - Harden the box with auditing & registry hacks.  Place all important
system files in known directories (%system&\system32) or related.
- - Setup pcanywhere to run under an account with minimal access (this
is possible in win2k, not sure about NT).
- - Use pcanywhere's built in encryption feature.  For added security
you can layer it even further with IPSEC or 3DES of course :>

RISKS:
1.) pcanywhere has a history of annoying people with denial of
service attacks & such.  I can't seem to remember any actual exploits
offhand, other than the usual stupid-admin related cases.
2.) have you considered win2k terminal services instead?  most people
out there strongly encourage win2k over NT, and my experience with
terminal services is that it kicks ass.. (at least so far)
3.) if you are stuck with either of these situations, be sure to NOT
have the machines have access tokens.   standard 'DMZ' type rules
apply.

- -----Original Message-----
From: Rodney Lacroix [mailto:[email protected]]
Sent: Monday, October 23, 2000 12:30 PM
To: [email protected]
Subject: [FW1] PC Anywhere to internal host



Hi all,

Just wanted to find out what most people are doing for their users
needing PC Anywhere to internal hosts (other than VPN access).  We
have vendors who need access to specific internal hosts to perform
maintenance on them.

I'm curious what other companies do for PC Anywhere access on a large
scale (RAS, dedicated modems to each station, VPN, NAT over public
IP, etc.).

I'm also curious to know what, if anything, I open myself up to by
allowing PC Anywhere access to one of my servers (even if I dedicate
the source and destination addresses, is it still risky?).

Thanks. 



======================================================================
==========
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
==========

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOfShM+vJ4GFPiJqHEQK4YACg+28SzHrzB78+STKRzsnkrYJP/k4AnRWZ
JbNs1Vr9l7hcuk+DsiftLQbt
=V0S5
-----END PGP SIGNATURE-----


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] PC Anywhere to internal host
Next by Date: [FW1] FW-1 Setup
Previous by thread: Re: [FW1] PC Anywhere to internal host
Next by thread: [FW1] IAS + w2k
Index(es):
- Date
- Thread