[unisog] security implications of using PCAnywhere on campus

Cal Frye cjf at calfrye.com
Thu Nov 18 19:30:36 GMT 2004


Precisely.
In many ways, a pcAnywhere session, or Citrix, or RDP, made to a managed server 
rather than any old desktop on your side of the firewall, can be more secure 
than a more open VPN or SSH tunnel.

One question that hasn't been asked (but I've not been following that closely) 
is why pcAnywhere was needed? SSH may not provide access to the licensed and 
restricted software installed on the desktop the user wants to reach.

--Cal Frye, Network Administrator, Oberlin College
  www.ouuf.org, www.calfrye.com

   "The colder the X-ray table, the more of your body is required on it."


Michael Holstein wrote:
>> If your user can ssh to a Unix account inside your firewall, she can no
>> doubt get along without your adjusting the firewall. While we don't use
>> PC-Anywhere here, we did post instructions for using Remote Desktop
>> Connection (RDC) which is shipped with Windows XP. I believe it has 
>> pretty
>> much the same functionality. The instructions are at
> 
> 
> If they can do that, they've basically got a VPN anyway : eg
> 
> /etc/ssh/sshd.config
> 
> AllowTcpForwarding=yes
> 
> 
> IMHO, a VPN is the only appropriately secure method of remote access. Be 
> it IPSEC, SSH, SSL or whatever -- but exposing remote-accesss services 
> to the 'net' at large is inviting problems.
> 
> 
> Cheers,
> 
> Michael Holstein CISSP GCIA
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 



More information about the unisog mailing list