Three Security Solutions for Win 2000 Remote Control

I. INTRODUCTION

We envision a remote control solution: a company wants to place such an IIS Web server, which is placed 300 miles away. The server is a server center that combines a broadband network, an air conditioner, and a power control device. This network service center is both stable and reasonably priced, but requires customers to have full remote control of the server. This control is always available, and it is not necessary to go to the console to operate the server. There are usually several problems with remote control, the most obvious being that the communication between the client machine and the host is to be transmitted over the Internet. This exchange of data may be sniffed by hackers; another problem is that remote control itself (such as its open ports) can also cause network attacks. The ultimate goal of choosing a remote control solution is to ensure that you (just you) as a gateway can control the server without causing other network attacks.

The security principles of the remote control scheme are as follows:

Ensuring the security of remote control permissions

Remote control must be able to prevent unauthorized access. This means that the remote management software only accepts connections for a small range of IP addresses and requires control of the username and password. Remote control security is further enhanced through the introduction of smart card phase customer verification. It can also be enhanced with simple, off-the-shelf techniques, such as using non-standard ports to provide services or some security configuration that does not display service flags.

Ensuring the integrity of remotely exchanged data

To prevent data loss in remote control, we must ensure the integrity and immediacy of the remote control server and client data transfer (that is, send The data is reliable and not retransmitted).

Ensuring the confidentiality of sensitive data transmissions

For remote control, the most important point is to ensure the confidentiality of sensitive data transmission over the Internet. This is to prevent the transmitted data messages from being sniffed by hackers. This requires session encryption using a robust and feasible encryption algorithm. The advantage of this encryption is that even an attacker sniffs the data. It is also useless for people who sniff.

Ensuring that incidents can be safely audited

Good security audits can dramatically improve the overall security of remote controls and smother security threats and technical crimes to the bud. The main purpose of the audit log is to let the administrator know who is accessing the system, which services are used, and so on. This requires the server to have a sufficiently adequate and secure log record of the black mold remote control trace attempting to invade through technical crime.

Second, the three security solutions for Windows 2000 remote control

Although there are many ways to remotely control Windows2000. Not all software meets the above remote control solution security principles, we can combine different software to complete the remote control solution we need.

The following examples are used to achieve secure remote control through the combination of Windows 2000 native services or third-party software.

Method 1. Use of Windows 2000 Terminal Services in conjunction with Zebedee Software

Terminal Services is a technology provided in Windows 2000 that allows users to execute Windows-based applications on a remote Windows 9000 server. Terminal Services should be the most widely used method for remote management of Windows 2000 servers, which is related to its convenience and other benefits brought by Windows built-in services, such as the Windows 2000 server's own authentication system. But the terminal service itself has some drawbacks: it can't restrict the client's connection IP; it doesn't explicitly propose a way to change the default listening port; its log auditing feature, that is, no logging tool. Based on the security principles of the remote control scheme mentioned at the beginning of this article, it is not very secure to use Terminal Services alone. But we can achieve the above remote management security needs by combining with Zebedee software.
Zebedee works as follows: 'Zebedee listens to locally specified applications, encrypts and compresses TCP or UDP data to be transmitted; Zeebedee client and server establish a communication tunnel; compressed and encrypted data is in this Transfer on the channel; you can make multiple TCP or UDP connections on the same TCP connection.
Usually Zeebedee is divided into the following two steps:

Step 1: Configure Zeebedee's listening port

Use the following command:

C:zebedee -s - o server.log

Step 2: Configure listener port 3389 on the client and

redirect it to the listening port of Zebedee on your server

Use the following command :

C:>zededee 3389 serverhost:3389

In this way, Zebedee starts to start, and its combined use with terminal services is shown in Figure 1. As can be seen from Figure 1, when the terminal service client process (target TCP port: 3389) is turned on, the local Zebedee client starts intercepting the data packet at the same time; Zebedee encrypts the data and sends it to the Zebedee server (here) Zebedee service default port 11965); Zeebedee server receives and then decompresses and decrypts the service delivered to the server (service port: TCP: 3389). Here, the terminal service on the server appears to be a connection to the local Terminal Services client, but in reality all the packets passed pass through an encrypted tunnel. In addition, Zebedee can also implement identity authentication, encryption, IP address filtering, and log functions through configuration files. A well-configured Zebedee and Windows 2000 terminal services can be combined to build a very secure remote management system.