[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] PC Anywhere to internal host
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rodney, Tried to send direct to you but got a relay denial from velcro... Recommendation's): - - NAT with single restricted port. Log all accesses. - - Harden the box with auditing & registry hacks. Place all important system files in known directories (%system&\system32) or related. - - Setup pcanywhere to run under an account with minimal access (this is possible in win2k, not sure about NT). - - Use pcanywhere's built in encryption feature. For added security you can layer it even further with IPSEC or 3DES of course :> RISKS: 1.) pcanywhere has a history of annoying people with denial of service attacks & such. I can't seem to remember any actual exploits offhand, other than the usual stupid-admin related cases. 2.) have you considered win2k terminal services instead? most people out there strongly encourage win2k over NT, and my experience with terminal services is that it kicks ass.. (at least so far) 3.) if you are stuck with either of these situations, be sure to NOT have the machines have access tokens. standard 'DMZ' type rules apply. - -----Original Message----- From: Rodney Lacroix [mailto:[email protected]] Sent: Monday, October 23, 2000 12:30 PM To: [email protected] Subject: [FW1] PC Anywhere to internal host Hi all, Just wanted to find out what most people are doing for their users needing PC Anywhere to internal hosts (other than VPN access). We have vendors who need access to specific internal hosts to perform maintenance on them. I'm curious what other companies do for PC Anywhere access on a large scale (RAS, dedicated modems to each station, VPN, NAT over public IP, etc.). I'm also curious to know what, if anything, I open myself up to by allowing PC Anywhere access to one of my servers (even if I dedicate the source and destination addresses, is it still risky?). Thanks. ====================================================================== ========== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ========== -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOfShM+vJ4GFPiJqHEQK4YACg+28SzHrzB78+STKRzsnkrYJP/k4AnRWZ JbNs1Vr9l7hcuk+DsiftLQbt =V0S5 -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|