Remote Access Security!
Results 1 to 2 of 2

Thread: Remote Access Security!

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    24

    Remote Access Security!

    Heya,

    Over the last few years, remote access has made my life as a Sysadmin so much easier! Remote Access programs such as VNC, PC Anywhere and M$'s terminal services client are fantastic for administering a remote PC/server, but at what cost? How secure are these types of protocols, and what can I do to increase security?

    Right after installing any of these for access, we need to tighten the security. VNC and RDP use default port settings for access. VNC (i believe) is port 5700, and RDP is 3389. Both can be easily changed in 5 minutes. VNC can be changed right in the server settings, while RDP requires registry editing. Make sure that passwords are very secure, with numbers, letters, and many special characters; just to ensure that if someone were to try and use a password cracker, you'd know before they had access.

    RDP can be encrypted, but must be set on both ends (server and client), or access won't be possible. This is standard practice for me.

    Obviously if you need to be 100% secure, remote access isn't an option, but for super security, I recommend something over SSH. Remote VPN clients like Cisco kick ass too; especially through a PIX firewall...

    I'd like to know any other clients that are secure. Lemme know.
    ----------------------------------------------------------------
    \"First you get the sugar, then you get the power, then you get the women\"
    ----------------------------------------------------------------

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    first of all you should delete this thread and put it in misc. security where it belongs.

    vnc uses 5800 for the java applet (which is better disabled) and 5900 for the viewer. security on this can be increased by using ssh with it. also you FW can be set to only accept incoming traffic on these ports from these spacific ips. if the remotes are using DSL and your assigned dynamic ip's switch to a provider that offers statics. ie verizon does not while covad does. you can take this a step further by using VPN technology
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •