[unisog] security implications of using PCAnywhere on campus
cjf at calfrye.com
Thu Nov 18 19:30:36 GMT 2004
In many ways, a pcAnywhere session, or Citrix, or RDP, made to a managed server
rather than any old desktop on your side of the firewall, can be more secure
than a more open VPN or SSH tunnel.
One question that hasn't been asked (but I've not been following that closely)
is why pcAnywhere was needed? SSH may not provide access to the licensed and
restricted software installed on the desktop the user wants to reach.
--Cal Frye, Network Administrator, Oberlin College
"The colder the X-ray table, the more of your body is required on it."
Michael Holstein wrote:
>> If your user can ssh to a Unix account inside your firewall, she can no
>> doubt get along without your adjusting the firewall. While we don't use
>> PC-Anywhere here, we did post instructions for using Remote Desktop
>> Connection (RDC) which is shipped with Windows XP. I believe it has
>> much the same functionality. The instructions are at
> If they can do that, they've basically got a VPN anyway : eg
> IMHO, a VPN is the only appropriately secure method of remote access. Be
> it IPSEC, SSH, SSL or whatever -- but exposing remote-accesss services
> to the 'net' at large is inviting problems.
> Michael Holstein CISSP GCIA
> Cleveland State University
> unisog mailing list
> unisog at lists.sans.org
More information about the unisog