Hosting Provided By

RE: Secure / Encrypt Terminal Services

From: Stacy Olivas <olivas(at)digiflux.org>
Date: Fri Nov 29 2002 - 05:27:54 EST

I do this regularly using an SSH tunnel. I connect to my FreeBSD box running SSHD, and then setup port 3389 forwarding from my machine to the Win2K box running terminal services. I then fire up the tsc client and initiate a connection to "localhost" which then uses the SSH tunnel to forward the connection to the Win2K box.

It's actually a pretty simple setup.

If you want to connect to multiple Terminal servers, just add additional forwarded ports and change their number on the local end. If you use the connection manager program (conman) you can export the "connections" to a file and edit the port you connect on. And then re-import them back in.

(Sorry if I'm babbling, just woke up and haven't had any coffee yet) :)

-Stacy

-----Original Message-----

From: epic [mailto:epic@surrealideas.com] Sent: Tuesday, November 26, 2002 10:26 PM To: ohnonono@hushmail.com; focus-ms@securityfocus.com Subject: RE: Secure / Encrypt Terminal Services

There was a pretty decent paper on securityfocus about 2 months ago about doing this a number of ways. I will search and provide the link below if I find it.

My suggestion would be to use an encrypted tunnel between client and server, whether this uses an app like stunnel, or a VPN providing encryption is up to you.

Do you need help?

http://online.securityfocus.com/infocus/1629

I have used stunnel, and zebedee to do a few various services using encryption, and I believe zebedee to work fine for terminal services. You will want to read the link above.

If you have any questions, let me know.

-----Original Message-----

From: ohnonono@hushmail.com [mailto:ohnonono@hushmail.com] Sent: Thursday, November 21, 2002 7:22 AM To: focus-ms@securityfocus.com
Subject: Secure / Encrypt Terminal Services

-----BEGIN PGP SIGNED MESSAGE-----
Does the community have an opinion on which is the best way to do this? Can it be done via IP-Sec? Basically we have a machine (tripwire manager) that will have access to all our networks. Due to politics (gotta love security made insecure by politics) it must be remotely managed. The CIO (god bless CIO's) has decided that we will use terminal services. Is there a way to encrypt the traffic so it is not flying around the network in clear text? Would IP-Sec be the recomended solution?

Suggestions or links (or gentle shoves) to the information would be great.

Thanks

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

Do you need more help?

wl0EARECAB0FAj3c67gWHG9obm9ub25vQGh1c2htYWlsLmNvbQAKCRAuXN+1lPsfqYk9 AJ4ndm/CgplNAjJHfTV5oSgPLfoYYwCfYUHT6Cta9Or1jTiu4KGfYokrjYg= =2bx1
-----END PGP SIGNATURE-----
Get your free encrypted email at https://www.hushmail.com Received on Fri Nov 29 12:56:58 2002

This message: [ Message body ]
Next message: Stefan Lister: "RE: Question: Buffer Overrun in Microsoft Data Access Components Coul d Lead to Code Execution (Q329414)"
Previous message: Fraser Hugh: "RE: Question: Buffer Overrun in Microsoft Data Access Components Coul d Lead to Code Execution (Q329414)"
In reply to: epic: "RE: Secure / Encrypt Terminal Services"
In reply to Deus, Attonbitus: "RE: Any way to remove ADMIN$ only?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:25 EDT