Three Security Solutions for Windows 2000 Remote Control

Source: Internet
Author: User

I. Introduction

Consider a remote control scenario: a company has to place an IIS web server in a facility 300 miles away. The facility is a server center that combines broadband network access, air-conditioning equipment, and power control equipment. Such a network service center is both stable and affordable, but it requires customers to control the server entirely remotely, at any time, without having to travel to the console to operate it. Remote control usually raises several problems. The most notable is that communication between the client machine and the host travels over the Internet, where the exchanged data may be sniffed by attackers. Another is that the remote control software's own weaknesses (such as its open ports) can also invite network attacks. The ultimate goal in choosing a remote control scheme is to ensure that you, the network administrator (and only you), can control the server without exposing it to other network attacks.

The security principles for a remote control scheme are as follows:

Ensure the security of remote control permissions

Remote control must prevent unauthorized access. This means the remote management software accepts connections only from a small range of IP addresses and requires a user name and password. Security can be strengthened further by introducing smart card based client authentication. It can also be improved with some simple, readily available techniques, such as serving on a non-standard port or configuring the service so that it does not display a service banner.

Ensure the integrity of remote exchange data

To prevent data loss during remote control, we must ensure the integrity and timeliness of the data transmitted between server and client (that is, the data sent is reliable and is not a resend).

Ensure confidentiality of sensitive data transmissions

For remote control, the most important point is to ensure the confidentiality of sensitive data transmitted over the Internet, so that the packets cannot be usefully sniffed by attackers. This requires session encryption with a robust and practical encryption algorithm. The advantage of this encryption is that even if an attacker sniffs the data, it is of no use to the sniffer.

Ensure that event logs are safe to audit

Good security auditing can greatly improve the overall security of remote control and nip security risks and technical crime in the bud. The main purpose of the audit log is to let administrators know who has accessed the system, what services are being used, and so on. This requires the server to keep sufficient, sufficiently secure log records so that the remote control activity of attackers who attempt to intrude by technical means can be traced.
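The four checks above that a server can enforce on each request (source allowlist, integrity, rejection of resent data, and an audit record) can be shown together in a few lines. This is an added example, not code from the original article or from any product it mentions; the address range, key, command string, and all function and class names are constructed for illustration, and confidentiality is not covered because it needs session encryption on top.

```python
import hashlib
import hmac
import ipaddress
import json

# All names and values below are constructed for illustration.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/28")]  # administrator range
SHARED_KEY = b"constructed-demo-key-not-for-production"

def sign(seq: int, command: str, key: bytes = SHARED_KEY) -> dict:
    """Client side: bind the command to a sequence number and MAC both."""
    body = json.dumps({"seq": seq, "cmd": command}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Gate:
    """Server side: allowlist, integrity, anti-replay, and an audit trail."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far
        self.audit = []     # (source address, verdict) for every attempt

    def accept(self, src: str, msg: dict) -> str:
        verdict = self._check(src, msg)
        self.audit.append((src, verdict))  # rejected attempts are logged too
        return verdict

    def _check(self, src: str, msg: dict) -> str:
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in ALLOWED_NETS):
            return "deny:source"
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "deny:integrity"
        seq = json.loads(msg["body"])["seq"]  # parsed only after the MAC verifies
        if seq <= self.last_seq:
            return "deny:replay"
        self.last_seq = seq
        return "allow"

def demo() -> list:
    gate, msg = Gate(), sign(1, "service-status")
    forged = {"body": msg["body"].replace("status", "stop"), "tag": msg["tag"]}
    outsider = gate.accept("198.51.100.9", sign(2, "service-status"))
    return [gate.accept("203.0.113.5", msg), gate.accept("203.0.113.5", msg),
            gate.accept("203.0.113.5", forged), outsider]
```

Every attempt, accepted or not, lands in `Gate.audit`, which is the record an administrator would review.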

II. Three security solutions for Windows 2000 remote control

There are many ways to remotely control Windows 2000, but not all software conforms to the security principles described above. We can, however, combine different software to build the remote control solution we need.

The following examples use Windows 2000 features or third-party software to achieve secure and reliable remote control.

Method 1. Windows 2000 Terminal Services combined with Zebedee

Terminal Services is a technology provided in Windows 2000 that allows users to run Windows-based applications on a remote Windows 2000 server. Terminal Services is probably the most widely used means of remotely managing a Windows 2000 server, which has to do with its ease of use and the other benefits of being a built-in Windows service, such as using the authentication system of the Windows 2000 server. But Terminal Services itself has some drawbacks: it has no mechanism to restrict which client IP addresses may connect; it does not explicitly offer a way to change the default listening port; and it lacks a log audit function, which means that there is no logging tool. Measured against the security principles for remote control set out at the beginning of this article, it is not safe to use Terminal Services alone. However, combined with the Zebedee software, Terminal Services can meet the remote management security requirements above.

Zebedee works as follows: it listens locally for the designated application, encrypts and compresses the TCP or UDP data to be transmitted, and establishes a communication tunnel between the Zebedee client and the Zebedee server; the compressed, encrypted data is transmitted over this tunnel. Multiple TCP or UDP connections can be carried on top of the same TCP connection.

Using Zebedee typically involves the following two steps:

Step 1: Configure the Zebedee listening port

Use the following command:

C:\>zebedee -s -o server.log

Step 2: Configure port 3389 on the client and redirect it to the Zebedee listening port on your server

Use the following command:

C:\>zebedee 3389:serverhost:3389
