Home page logo

basics logo Security Basics mailing list archives

Re: Remote access solution
From: "Nuzman" <nuzman () shreve net>
Date: Fri, 21 Feb 2003 10:29:52 -0600

While I haven't studied the security of the protocol itself, RDP is supposed
to be somewhat secure. I use administrative terminal services to manage
Win2k systems in the DMZ. The firewall restricts access to the RDP port only
from specific admin workstations (IP addresses) on the internal network.

As always, administrator accounts have been renamed, a new account named
administrator was created with an incredibly long random password and no
permissions (hack away all day at it) ... and strong, complex passwords
exists for all accounts.

Stay away from VNC for any but the most casual and temporary remote access

Norris Carden

----- Original Message -----
From: <sharon_joyner () timeinc com>
To: <security-basics () securityfocus com>
Sent: Thursday, February 20, 2003 11:14 AM
Subject: RE: Remote access solution

One product I've heard of is Neoteris, http://www.neoteris.com/, but I
haven't heard much about how secure it might be.  Does anyone have an


-----Original Message-----
From: Orlando J. Cano [mailto:ojcano () scif com]
Sent: Wednesday, January 29, 2003 7:58 PM
To: security-basics () securityfocus com
Subject: Remote access solution

I have recently been assigned to join efforts with our Network group in
coming up with a secure  remote access solution for our Network. This
will involve accessing servers in our DMZ. I was wondering if this
securityfocus community could elaborate on how secure VNC, Freevision or
Terminal Services are or better yet recommend another solution.
Any comments would be greatly appreciated.




This message is the property of Time Inc. or its affiliates. It may be
legally privileged and/or confidential and is intended only for the use
of the addressee(s). No addressee should forward, print, copy, or
otherwise reproduce this message in any manner that would allow it to be
viewed by any individual not originally listed as a recipient. If the
reader of this message is not the intended recipient, you are hereby
notified that any unauthorized disclosure, dissemination, distribution,
copying or the taking of any action in reliance on the information
herein is strictly prohibited. If you have received this communication
in error, please immediately notify the sender and delete this message.
Thank you.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]