Security Basics mailing list archives
Re: Accessing corporate servers through the web..
From: "Steve" <securityfocus () delahunty com>
Date: Mon, 17 Nov 2003 12:14:49 -0500
I am probably not answering your question, but you really would want to set up a bastion host that allows you to connect to that host securely and then run those utils from there. But to answer your questions directly it looks like you have somewhat answered them yourself. (a) Telnet SSH would be more secure Telnet communications not secure (b) FTP SFTP more secure (c) Terminal Services (win 2K server) Can use encryption. (d) VNC (win 2K server) Not sure about any encryption. One place I worked we (the IT admin group) connected securely to a desktop we had configured in Citrix and then had all the tools we needed on there, functioned like a bastion host with a GUI. ----- Original Message ----- From: "Ronish Mehta" <sf_mail_sbm () yahoo com> To: <security-basics () securityfocus com> Sent: Friday, November 14, 2003 6:41 AM Subject: Accessing corporate servers through the web.. Hi, What are the security implications of allowing a server to be accessed from the Web using: (a) Telnet (on a Linux machine): (password is sent in clear text, may be captured by a potential hacker, anyother risks?) (b) FTP (default FTP service on a Linux machine) (c) Terminal Services (win 2K server) (d) VNC (win 2K server) Thanks for ur help, Rgds __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- Accessing corporate servers through the web.. Ronish Mehta (Nov 14)
- Re: Accessing corporate servers through the web.. Philip Duldig (Nov 17)
- RE: Accessing corporate servers through the web.. arek (Nov 17)
- Re: Accessing corporate servers through the web.. sNeakEr (Nov 17)
- Re: Accessing corporate servers through the web.. Ronish Mehta (Nov 18)
- Re: Accessing corporate servers through the web.. Ansgar -59cobalt- Wiechers (Nov 17)
- Re: Accessing corporate servers through the web.. Steve (Nov 17)
- <Possible follow-ups>
- Re: Accessing corporate servers through the web.. Chris Berry (Nov 18)
- Re: Accessing corporate servers through the web.. Ansgar -59cobalt- Wiechers (Nov 19)
- Altiris Deployment Server vs. Microsoft SMS ZyberGeek (Nov 23)
- Re: Altiris Deployment Server vs. Microsoft SMS Steve (Nov 24)
- RE: Altiris Deployment Server vs. Microsoft SMS Rod Trent (Nov 25)
- Re: Accessing corporate servers through the web.. Ansgar -59cobalt- Wiechers (Nov 19)
- Re: Accessing corporate servers through the web.. Philip Duldig (Nov 17)