[unisog] Remote Access to Staff Desktops

Christoph Sprongl ch at it-austria.net
Thu Feb 26 06:59:22 GMT 2009


What about
http://www.balabit.com/network-security/scb/ ?

ch

> * BACHAND, Dave (Info. Tech. Services) <BachandD at easternct.edu> [Mon, 23
> Feb 2009 10:03:39 -0500]:
>>
>> [snipped world runs RDP it seems :) ]
>>
>> No other remote access is allowed.
>>
> I have been pondering about global SSH access being permitted, however
> the list would have dynamic blacklistings of workstations that were
> marked vunerable.  Vunerable meaning:
>  1) permitting SSH version 1
>  2) running a known vunerable SSH server version
>  3) permitting plaintext login
>
> The 'tweak' to the third clause would be that OTP's would be permitted
> along side the usual pubkey auth only approaches.
>
> Annoyingly scanssh[1] does not seem to go far enough.  Anyone got any
> suggestions?  All the useful info seems present via 'ssh -vvv', so maybe
> some ugly Perl-glue is called for...
>
> Cheers
>
> [1] http://monkey.org/~provos/scanssh/
>
> --
> Alexander Clouter
> .sigmonster says: Everyone is entitled to my opinion.
>
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
>
>




More information about the unisog mailing list