3 security solutions for Win2000 remote control


We envision a remote control solution: a company wants to place such an IIS Web server, which is placed 300 miles away. The server is a server center that combines a broadband network, an air conditioner, and a power control device. This network service center is both stable and reasonably priced, but requires customers to have full remote control of the server. This control is always available, and it is not necessary to go to the console to operate the server. There are usually several problems with remote control, the most obvious being that the communication between the client machine and the host is to be transmitted over the Internet. This exchange of data may be sniffed by hackers; another problem is that remote control itself (such as its open ports) can also cause network attacks. The ultimate goal of choosing a remote control solution is to ensure that you (just you) as a gateway can control the server without causing other network attacks.
The security principles of the remote control scheme are as follows:
Ensuring the security of remote control permissions
Remote control must be able to prevent unauthorized access. This means that the remote management software only accepts connections for a small range of IP addresses and requires control of the username and password. Remote control security is further enhanced through the introduction of smart card phase customer verification. It can also be enhanced with simple, off-the-shelf techniques, such as using non-standard ports to provide services or some security configuration that does not display service flags.
Ensuring the integrity of remotely exchanged data
To prevent data loss in remote control, we must ensure the integrity and immediacy of the remote control server and client data transfer (that is, the data sent is reliable and Not resent).
Ensuring the confidentiality of sensitive data transmissions
For remote control, the most important thing is to ensure the confidentiality of sensitive data transmission over the Internet. This is to prevent the transmitted data messages from being sniffed by hackers. This requires session encryption using a robust and feasible encryption algorithm. The advantage of this encryption is that even an attacker sniffs the data. It is also useless for people who sniff.
Ensuring that incidents can be safely audited
Good security audits can dramatically improve the overall security of remote controls and smother security threats and technical crimes to the bud. The main purpose of the audit log is to let the administrator know who is accessing the system, which services are used, and so on. This requires the server to have a sufficiently adequate and secure log record of the black mold remote control trace attempting to invade through technical crime.
Second, three security solutions for Windows 2000 remote control
Although there are many ways to remotely control Windows 2000. Not all software meets the above remote control solution security principles, we can combine different software to complete the remote control solution we need.
The following examples are used to achieve secure remote control through the combination of Windows 2000 native services or third-party software.
Method 1. Use of Windows 2000 Terminal Services in conjunction with Zebedee Software
Terminal Services is a technology provided in Windows 2000 that allows users to execute Windows-based applications on a remote Windows 9000 server. Terminal Services should be the most widely used method for remote management of Windows 2000 servers, which is related to its convenience and other benefits brought by Windows built-in services, such as the Windows 2000 server's own authentication system. But the terminal service itself has some drawbacks: it can't restrict the client's connection IP; it doesn't explicitly propose a way to change the default listening port; its log auditing feature, that is, no logging tool. Based on the security principles of the remote control scheme mentioned at the beginning of this article, it is not very secure to use Terminal Services alone. But we can achieve the above remote management security needs by combining with Zebedee software.
Zebedee works as follows: 'Zebedee listens to locally specified applications, encrypts and compresses TCP or UDP data to be transmitted; Zeebedee client and server establish a communication tunnel; compressed and encrypted data is in this Transfer on the channel; you can make multiple TCP or UDP connections on the same TCP connection.
Usually using Zebedee is divided into the following two steps:
Step 1: Configure Zeebedee's listening port
Use the following command:
C:\\zebedee -s -o server.log
Step 2: Configure listener port 3389 on the client and
redirect it to Zeebedee's listening port on your server
Use the following command:
C:\\>zededee 3389 serverhost:3389
In this way, Zebedee started to start, and its combined use with terminal services is shown in Figure 1. As can be seen from Figure 1, when the terminal service client process (target TCP port: 3389) is turned on, the local Zebedee client starts intercepting the data packet at the same time; Zebedee encrypts the data and sends it to the Zebedee server (here) Zebedee service default port 11965); Zeebedee server receives and then decompresses and decrypts the service delivered to the server (service port: TCP: 3389). Here, the terminal service on the server appears to be a connection to the local Terminal Services client, but in reality all the packets passed pass through an encrypted tunnel. In addition, Zebedee can also implement identity authentication, encryption, IP address filtering, and log functions through configuration files. A well-configured Zebedee and Windows 2000 terminal services can be combined to build a very secure remote management system.

view of the general Terminal Services does not provide file transfer function, it is necessary to consider other approaches. We can use an FTP server. But the FTP server is generally considered to be insecure, and it can also enhance its security through Zebedee's encrypted tunnel by transmitting data directly on the terminal service. This is a cumbersome practice, but the Zebedee help file has been explained in detail. Two third-party solutions are recommended here, one is Analogx's TSDropCopy (http://www.analogx.com/con-tents/download/system/tsdc.htm) and the other is WTS-FTP (http;//Www.ibexsoftware.com/about.asp)
In general, Windows 2000 Terminal Services is one of the most convenient and quickest methods, but for its own security. Through the combination of Zebedee and terminal services, we can achieve a convenient, fast and secure solution.
Method 2. VNC on SSH
VNC is a remote management software similar to Terminal Services. The following points are different from the terminal:
*VNC is shared with the user currently logged in. A session, you can operate simultaneously with the currently logged in user;
*VNC client for different platforms, including WindowsCE and Java;
*VNC can limit IP access;
on the client and server Not encrypted.
For these differences in VNC, we realize the benefits of using VNC, but there are still some security risks if used alone. The biggest problem is that the data transfer of VNC is not encrypted. We can use SSH encryption to make up for this shortcoming. Usually use OpenSSH (http://www.networksimplicity.com/openssh). OpenSSH is a software similar to Zebedee in theory. But it is more widely used for SMTP.HTTP.FTP.POP3 and Telnet transport packet encryption. Like Zebedee, it is a tunnel through port communication. The difference is that SSH has become a widely recognized and widely used encryption protocol for users.

Copyright © Windows knowledge All Rights Reserved