So, if you must have remote access to your servers, my recommendation
> would be to use some sort of client VPN to authenticate and encrypt
> users before they access servers directly. If VPN is not an option,
> restrict source addresses at the firewall to those that can be trusted
> and should be accessing the servers.
There are also other methods of remote access. Coming from *nix there's
VNC (many varieties, some of which work for windows as well) and there's
Remote Administrator. I can't speak for the security of RA, but I know
VNC has been looked at many a time and at it's current state is pretty
secure.
As usual of course, there is tunneling as Paul has suggested. Any time
you have something insecure or even weakly secured tunneling with IPSec,
SSH or any other VPN will help out immensely.
Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 21 2004
Intro
