Three Security Solutions for Win 2000 Remote Control

I. INTRODUCTION We envision a remote control solution: a company wants to place such an IIS Web server, which is placed 300 miles away. The server is a server center that combines a broadband network, an air conditioner, and a power control device. This network service center is both stable and reasonably priced, but requires customers to have full remote control of the server. This control is always available, and it is not necessary to go to the console to operate the server. There are usually several problems with remote control, the most obvious being that the communication between the client machine and the host is to be transmitted over the Internet. This exchange of data may be sniffed by hackers; another problem is that remote control itself (such as its open ports) can also cause network attacks. The ultimate goal of choosing a remote control solution is to ensure that you (just you) as a gateway can control the server without causing other network attacks. The security principles of the remote control scheme are as follows: Ensuring the security of remote control rights Remote control must be able to prevent unauthorized access. This means that the remote management software only accepts connections for a small range of IP addresses and requires control of the username and password. Remote control security is further enhanced through the introduction of smart card phase customer verification. It can also be enhanced with simple, off-the-shelf techniques, such as using non-standard ports to provide services or some security configuration that does not display service flags. Ensuring the integrity of remotely exchanged data To prevent data loss in remote control, we must ensure the integrity and immediacy of the remote control server and client data transfer (that is, the transmitted data is reliable and not retransmitted). Ensuring the confidentiality of sensitive data transmissions For remote control, the most important thing is to ensure the confidentiality of sensitive data transmission over the Internet. This is to prevent the transmitted data messages from being sniffed by hackers. This requires session encryption using a robust and feasible encryption algorithm. The advantage of this encryption is that even an attacker sniffs the data. It is also useless for people who sniff. Ensuring that incidents can be safely audited Good security audits can dramatically improve the overall security of remote controls and smother security threats and technical crimes to the bud. The main purpose of the audit log is to let the administrator know who is accessing the system, what services are used, and so on. This requires the server to have a sufficiently adequate and secure log record of the black mold remote control trace attempting to invade through technical crime. Second, the three security solutions for Windows 2000 remote control Although there are many ways to remotely control Windows2000. Not all software meets the above remote control solution security principles, we can combine different software to complete the remote control solution we need. Some of the examples below are safe and reliable remote control through the combination of Windows 2000 native services or third-party software. Method 1. Windows 2000 Terminal Services in conjunction with the use of Zebedee Software Terminal Services is a technology provided in Windows 2000 that allows users to execute Windows-based applications on a remote Windows 9000 server. Terminal Services should be the most used method for remote management of Windows 2000 servers, which is related to its convenience and other benefits brought by Windows built-in services, such as the Windows 2000 server's own authentication system. But the terminal service itself has some drawbacks: it can't restrict the client's connection IP; it doesn't explicitly propose a way to change the default listening port; its log auditing feature, that is, no logging tool. Based on the security principles of the remote control scheme mentioned at the beginning of this article, it is not very secure to use Terminal Services alone. But we can achieve the above remote governance security needs by combining with Zebedee software. Zebedee works as follows: 'Zebedee listens to locally specified applications, encrypts and compresses TCP or UDP data to be transmitted; Zeebedee client establishes a communication tunnel with the server; compressed and encrypted data is played on this channel. Transport; can make multiple TCP or UDP connections on the same TCP connection. Usually Zeebedee is divided into the following two steps: Step 1: Configure Zeebedee's listening port Use the following command: C:\\zebedee -s -o server.log Step 2: Configure listener port 3389 on the client and redirect it Go to Zebedee's listening port on your server and use the following command: C:\\>zededee 3389 serverhost:3389 In this way, Zebedee starts to start, and its combined use with terminal services is shown in Figure 1. As can be seen from Figure 1, when the terminal service client process (target TCP port: 3389) is turned on, the local Zebedee client starts intercepting the data packet at the same time; Zebedee encrypts the data and sends it to the Zebedee server (here) Zebedee service default port 11965); Zeebedee server receives and then decompresses and decrypts the service delivered to the server (service port: TCP: 3389). Here, the terminal service on the server appears to be a connection to the local Terminal Services client, but in reality all the packets passed pass through an encrypted tunnel. In addition, Zebedee can also implement identity authentication, encryption, IP address filtering, and log functions through configuration files. A well-configured Zebedee and Windows 2000 terminal services can be combined to build a very secure remote management system.

In view of the fact that general terminal services do not provide file transfer functions, other methods need to be considered. We can use an FTP server. But the FTP server is generally considered to be insecure, and it can also enhance its security through Zebedee's encrypted tunnel by transmitting data directly on the terminal service. This is a cumbersome practice, but the Zebedee help file has been specifically explained. Two third-party solutions are recommended here, one is Analogx's TSDropCopy (http://www.analogx.com/con-tents/download/system/tsdc.htm) and the other is WTS-FTP (http;//Www.ibexsoftware.com/about.asp) In general, Windows 2000 Terminal Services is one of the most convenient and quickest methods, but for its own security. Through the combination of Zebedee and terminal services, we can achieve a convenient, fast and secure solution. Method 2. VNC VNC on SSH is a remote management software similar to Terminal Services. The difference between the terminal and the terminal is as follows: *VNC shares the same session with the user currently logged in. You can log in to the current session. Users operate simultaneously; *VNC client is available for different platforms, including WindowsCE and Java; *VNC can restrict IP access; there is no encryption on the client and server. For these differences in VNC, we are aware of the benefits of using VNC, but there are still some security risks if used alone. The biggest problem is that the data transfer of VNC is not encrypted. We can use SSH encryption to make up for this shortcoming. Usually use OpenSSH (http://www.networksimplicity.com/openssh). OpenSSH is a software similar to Zebedee in theory. But it is more widely used for SMTP.HTTP.FTP.POP3 and Telnet transport packet encryption. Like Zebedee, it is a tunnel through port communication. The difference is that SSH has become a widely recognized and widely used encryption protocol for users.