Security Basics mailing list archives

RE: VPN Group - Least Privaledges


From: <benoni.martin () accenture com>
Date: Thu, 17 Jan 2008 17:47:38 +0100

Hi,

"full tcp-ip suite" for you means "full access to anything once the
remote users are logged in"?

What do you mean by "drag and drop files between devices"? You want to
allow remote users to copy files from machine A to a machine B, both
being inside your network? This seems to be NetBIOS (several UDP/TCP
ports needed). FTP uses 2 ports (TCP 20 & TCP 21), not just one, but you
can copy files with scp/sftp/winscp using the default port 22 (can be
changed on the ssh server ...) ...

More info would be great :)

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of fac51
Sent: jeudi 17 janvier 2008 13:16
To: security-basics () securityfocus com
Subject: VPN Group - Least Privaledges


Hi All,

Apologies for the simplicity of the question in advance.

I am looking at various tunnel groups that have been set up on our
firewall.
Most have the full tcp-ip suite open when they connect to the VPN.
(crazy huh)

Anyway, I want to lock them down to specific services.
RDP - 3389
HTTP - 80
etc.

My problem is that the main feature that is required from the VPN is
they want to drag and drop files between devices.
I cannot find anywhere what port that file transfer is communicated on? 

I thought it may be FTP - 21 but wasn't sure.

Does anyone know?

Thanks in advance for all your help.

Steve
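
The lock-down discussed in this thread, as an added example that is not part of either message: a Python check that compares the ports a VPN group permits with the ports its required services need, reporting services that are only partly covered (FTP with just port 21) and rules that nothing needs. The group names, the `ANY` marker and the sample rule lists are constructed for illustration; the Windows file-sharing ports are the standard defaults, which the thread does not list.

```python
"""Audit a VPN group's permitted ports against the services it actually needs."""

# Default ports per service. RDP, HTTP, FTP and SSH numbers are the ones quoted
# in the thread; the Windows file-sharing ports are standard defaults (assumption).
SERVICE_PORTS = {
    "rdp": {("tcp", 3389)},
    "http": {("tcp", 80)},
    "ftp": {("tcp", 20), ("tcp", 21)},  # active mode: data + control
    "sftp": {("tcp", 22)},              # scp/sftp/WinSCP over SSH
    "windows_sharing": {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)},
}

ANY = ("ip", "any")  # hypothetical marker for a "permit everything" rule


def audit_group(permitted, required_services):
    """Return per-service coverage plus permitted rules no required service uses."""
    permitted = set(permitted)
    wide_open = ANY in permitted
    needed, coverage = set(), {}
    for svc in required_services:
        ports = SERVICE_PORTS[svc]
        needed |= ports
        missing = set() if wide_open else ports - permitted
        if not missing:
            coverage[svc] = "ok"
        elif missing == ports:
            coverage[svc] = "blocked"
        else:
            coverage[svc] = "partial, missing " + ", ".join(
                f"{proto}/{port}" for proto, port in sorted(missing))
    excess = sorted(permitted - needed, key=str)  # candidates for removal
    return {"wide_open": wide_open, "coverage": coverage, "excess": excess}


# Constructed sample tunnel groups
GROUPS = {
    "legacy": [ANY],                                              # full suite open
    "draft": [("tcp", 3389), ("tcp", 80), ("tcp", 21), ("tcp", 23)],
    "locked": [("tcp", 3389), ("tcp", 80), ("tcp", 22)],
}

if __name__ == "__main__":
    print(audit_group(GROUPS["legacy"], ["rdp", "http", "sftp"]))
    print(audit_group(GROUPS["draft"], ["rdp", "http", "ftp"]))
    print(audit_group(GROUPS["locked"], ["rdp", "http", "sftp"]))
```
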


