OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: MS vs. Unix Remote Access
From: Greg Byrd (wgbyrdMICRONPC.COM)
Date: Tue May 23 2000 - 17:06:43 CDT

To add to Henry's input, check out Sans.org (http://www.sans.org). You may
also try installing Microsoft's UNIX services for NT onto the target server.
Other alternatives are using a Windows 2000 server and have kerberos
authenticate the *NIX user. As most would agree, telneting on a private or
public network should not be done...it's too easy for a user to have a
sniffer extracting passwords from the wire.

Hope this helps.
Greg

-----Original Message-----
From: Henry Sieff [mailto:hsieffORTHODON.COM]
Sent: Tuesday, May 23, 2000 3:54 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Re: MS vs. Unix Remote Access

I use a citrix metaframe server through a Cisco Firewall IOS-based VPN and
the SecureICA (which uses 128 bit encryption on the ICA session itself, in
case there's an inside sniffer). Works fine for my purposes, but its not
command line. Also, it may not jibe with your security policy, although I
haven't seen any obvious weaknesses. . .provided all passwords are strong,
and the VPN is secure.

As of now, there is no SSH server for WinNT although one is supposed to be
coming out:
http://www.ssh.com/commerce/customer_service_faq.html#1
<http://www.ssh.com/commerce/customer_service_faq.html#1>

When it does, that'll be your best bet for a command-line interface
(although I supposed you could also write a wrapper for NCAT if you were
feeling particularly industrious :-).

-----Original Message-----
From: Eric Lecht [mailto:vinyloneUSWEST.NET]
Sent: Tuesday, May 23, 2000 1:37 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: MS vs. Unix Remote Access

I *know* i've seen this discussion come and go, but our Solaris guru is once
again pissing and moaning that there are no tools for NT that'll allow him
to securely establish a command-line shell to an NT server a' la telnet
across a private yet insecure frame network using something akin to a
virtual console such as *NIX systems offer, and then stop/start services
that have choked?

He says it can't be done. I realize this may have been addressed before on
this forum, but I *cannot* come up with anything to refute him. I'm not
trying to proponent of one OS over the other here...but when someone tells
me something can't be done, i'm always suspicious....esp. when the source is
less-than-accomodating when it comes to MS products, however right he may or
may not be...

Like many state governments, we run a point-to-point frame network; Lots of
state agencies are linked back across the network to our core, so the
connections *must* be secure, from workstation to server.

So...what do other sysadmins use who must, oh, say, securely connect to a
remote NT box across a private, yet in fact insecure, frame network to a
machine running a firewall, and stop/start services? Preference is
command-line shell.
Or is he right, and in fact can't be done? PCAnywhere is not an
option....=>8 P.

Eric Lecht