Deductive wonderful: two tricks practical remote control skills

        In today's increasingly large-scale network, if you still use the previous mode of separate management, it is unrealistic! In order to effectively improve the management and maintenance efficiency of the network, many network managers have chosen the remote control mode to the LAN. Or the server can be managed anytime, anywhere! But when you use pcAnyWhere remote control software or remote desktop connection to remotely manage the server, it will often bring convenience to the remote attacker of illegal attackers! So can we do it? Can you remotely control the server or LAN, and prevent hackers from taking the opportunity to enter? The answer is yes! This is not the case. Some of the remote control methods recommended by everyone in this article break through the conventional remote control mode and help everyone to be more efficient. Manage your server or LAN more securely!

1. Remote control with MMC console

Although the server can be remotely controlled by remote desktop function or conventional control software such as pcAnyWhere Management, but it is undeniable that these control methods exist Obvious security holes and they are easily exploited by illegal attackers. With the computer management function of the MMC console, not only can the local or remote server be effectively managed, but this way effectively avoids the obvious security vulnerabilities caused by the remote desktop connection, so the MMC system console is not only very Easily manage the server remotely and also prevent hackers from maliciously attacking the server.

course in the use of MMC console to manage the server remotely, you must first obtain a super server administrative privileges, and then also need to install the appropriate MMC plug-ins and some management tools can; for example, in order for Windows Server 2003 server for remote control, you must first obtain the service authority to manage Windows 2003 server, but also need to install the MMC plug-in and Windows 2003 server related management tools on the local computer. Once the above conditions are met, you can remotely control the server as follows:

Click the "Start" /"Run" command to open the system run dialog box, enter the string command after "MMC", click "OK" button, the system console window open the MMC, shown in Figure 1;

FIG. 1 click "file" MMC console window menu bar /" Add/Remove Snap-in command, in the following setting window, click the “Independent” tab, and in the corresponding tab page, continue to click the “Add” button to open the “Add Independent” as shown in Figure 2. Management unit" setting window;

Figure 2

Select the "Computer Management" option in the settings window, then click the "Add" button in the corresponding window, and then pop up in the figure In the dialog box shown in Figure 3, select the "Another computer" option, enter the IP address of the server that needs remote control, and click the "Finish" button to exit the "Computer Management" settings window;

Figure 3

Return to the MMC console window, double-click the newly added management unit with the mouse, and then you can manage the server remotely and manage it as you would later manage the local workstation. However, when you are managing a remote server, the error message "No access to remote computer" or "Access denied" appears on the system screen, indicating that you have not yet obtained the rights to the remote management server. At this point, you may wish to click the "File" /"Save" menu command in the console window, in the file save dialog box that appears, save the current console as "Remote Management Server" and exit the MMC console. interface.

Then click the "Start" /"Programs" /"Administrative Tools" option, right-click on the "Remote Management Server" project just saved in the lower menu that appears later (as shown in Figure 4) ), and execute the "Run Mode" command in the shortcut menu. In the "Run Identity" setting box that pops up, enter the user name and password that are authorized to manage the remote server, as shown in Figure 5. Then re-execute the MMC command and open the MMC console window to remotely manage the target server. It is worth noting that if the local computer and the target server are not members of Active Directory, even if you correctly enter the super administrator account of the target server in the "Run as identity" setting box, the local computer needs to create an identical super administrator. account number.

Figure 4


Figure 5

Tip: If the local computer and the remote server are installed with two different operating systems, then you must first The MMC management plugin corresponding to the remote server is installed on the local computer. For example, if the Windows 2000 server system is used in the local computer and the Windows 2003 server system is used in the remote server, you must first install the Windows 2003 server related management tools on the local computer. The specific installation method is: BR>
First put the installation CD of Windows 2003 server system into the CD-ROM drive, open the "i386" folder window, double-click the "adminpak.msi" file icon in the window, then Windows 2003 will pop up on the screen. Server management tool installation wizard window;

Follow the on-screen wizard prompts to complete the installation task, then open the MMC management console, add all the management tools related to Windows 2003 server, and then save this, and then save The Windows 2003 server can be remotely controlled and managed as described above.

2, via the command line remote control

either Remote Desktop Connection or MMC console, in fact, are to achieve the purpose of remote control through a graphical user interface, These methods have a fatal flaw, that is, the remote control operation requires the use of too much system resources of the server, and some complex remote control operations can not be completed. To this end, many people have come to think of the Telnet command control method, but the clear transmission characteristics of this method can easily bring a fatal threat to the security of the server! So is there a way to use the command line? Remote management of the server ensures that the server is protected from malicious attacks during remote control. In fact, with a tool called "F-Secure SSH server", you can easily implement the above control requirements; the following is the use of "F -Secure SSH server" tool, the specific steps to securely control the server remotely:

First install the "F-Secure SSH server" server-side program in the controlled server. After the installation is successful, the server is By default, the SSH Server service will be enabled automatically. The client can use the service to control the server.

In order to ensure the security control of the server, you also need related parameters of the SSH Server service. Make the appropriate settings to prevent hackers from crashing into the server. Considering that the SSH Server service is in the default state, it will open the "22" port in the server; in order to prevent the hacker from illegally attacking the server through the port, you can change the port number used by the SSH Server service to other strange numbers. When modifying the port number, you need to click the "Start" /"Programs" /"F-Secure SSH Server" /"Configuration" command to open the "F-Secure SSH Server Configuration" window as shown in Figure 6, and then Click the “Network” command under the “Server Setting” item, and at the “Port” setting item of the subsequent window, enter the new port number, for example “4567” (as shown in Figure 7), click “Apply” The button is ok.

Figure 6


Figure 7

To further protect the security of the server, you can also set the SSH Server service, only allowed to pass specific The workstations are used to remotely manage the server without allowing other workstations to access the server at will. In this security setting, you also need to open the "F-Secure SSH Server Configuration" window, then click the "Host Restrictions" command under the "Server Setting" menu, "Deny login from hosts" in the interface of Figure 8. At the setting item, you can enter the IP address of the workstation that is not allowed to access the server. For example, if you enter "10.168.160.26" and click the "Apply" button, then any user at the workstation with the IP address "10.168.160.26" will be Unable to remotely control the server.



Figure 8

Also by default, the SSH Server service allows users to establish multiple connections to remote servers at the same time, but multiple remote connections will not only consume Too many system resources, but also easy to bring security risks to the server, so you need to set up the SSH Server service to limit the number of remote connections to a suitable range. When limiting the number of connections, you must first open the "F-Secure SSH Server Configuration" configuration interface, then click the "General" command under the "Server Setting" menu item, and enter the appropriate "Maximum Number of Connections" in the subsequent interface. The value, for example, enter the number "10" (as shown in Figure 9), and then click the "Apply" button, then the server can accept 10 remote connections at the same time, if you enter the number "0", the number of remote connections will be No restrictions.

Figure 9

After making the above security settings, you only need to install the "F-Secure SSH Client" client program on the specified workstation and open "F-Secure SSH ClIEnt" "Program interface, click the "Connect" button, in the "Connect to remote host" setting box that opens later, fill in the IP address of the remote server in "Host name or IP address", and then in "User Name" ” Fill in the account name of the login server correctly, and enter the SSH Server service to open the server port number in “Port”, and finally click the “Connect” button. You will be able to log in to the remote server after a long time. You can use the command line to securely manage and manage remote servers.