Anti-Black: Blocking PcAnyWhere-based attack methods

PcAnyWhere is a well-known remote control tool that can be used to easily control remote computers on local computers, or to coordinate computers in two locations, network administrators can transfer files between the master and the control, or use the channel function to allow multiple computers to share a MODEM or provide inbound or outbound functions to network users. Because of these considerate functions, PcAnyWhere has become the preferred choice for many network administrators, but PcAnyWhere also has its shortcomings. Its password file is reversible. In case of intruders getting WebShell, if the Administrator is improperly configured, the attacker can get the connection password, and the consequences can be imagined ......
Readers may have said, "Can I restrict remote management of a specific IP address ?" Yes, this is a solution, but it is not perfect, because sometimes the server is in an emergency, but the Administrator is not in the company, or the administrator needs to perform remote management at home, the IP address and segment of ADSL are not fixed. For example, my IP address has been 61.52.80. *, but recently it has become 221.15.145 .*. In this case, only a fixed IP address can be managed.

Since Version 11.0 of PcAnyWhere, it supports SecurID dual authentication. Using SecurID authentication, you do not need to restrict the IP address at all. The other party cannot connect even if they know the user name and password of PcAnyWhere.

TIPS: This article describes the PcAnyWhere SecurID dual authentication mechanism. If you are not familiar with PcAnyWhere, refer to the online help or other basic tutorials.

First, describe the required software, that is, Symantec PcAnyWhere and Symantec Packager. Of course, both of them need to be installed. In this way, our platform has been set up. Note that you need to install PcAnyWhere first and then Symantec Packager to avoid unnecessary troubles.

Start the PcAnyWhere management interface and go to PcAnyWhere manager on the left. The bottom icon, Serial ID Sets, is one of our protagonists today. Select it and right-click it in the area on the right, select "new-> item ......", The Serial ID Set Properties window is displayed. You can enter the Serial ID you want to Set here, which must be a number greater than 0 and less than 4294967296, otherwise, the following window will pop up without testing how many Serial IDS can be added here, and I have added up to 20 Serial IDs. One requirement is that the added Serial ID can be any number between 0 and 4294967296, but cannot be the same. Otherwise, the error will be generated. Click OK at the end, and our Serial ID file is ready. At the top of the window, you can see the directory where the Serial ID file is located. If it is installed by default, the path to this file is "C: Documents and SettingsAll UsersApplication DataSymantecPcAnyWhereSerial ID Sets ", you can also copy it to a location that is easy to find for backup. Next, let's take out another leading role: Symantec Packager.

TIPS: Symantec Packager is a tool developed by Symantec to customize software installation packages. You can use Symantec Packager to create, modify, and create custom installation sets (or installation packages) and distribute them to users on your network so that administrators can install only the required components, avoid other programs occupying users' hard disk space and install unnecessary functions. You can use Symantec Packager to create an installation package that only contains the functions and settings required by the user to customize the installation suitable for the enterprise environment. In addition, Symantec Packager is only applicable to Windows NT/2000. However, a custom Installation File Created by Symantec Packager can be installed on any Microsoft 32-bit platform.

Start Symantec Packager and you can see that there are four tags in total, that is, all the functional tags of Symantec Packager. If the installation is successful in the normal order (that is, install PcAnyWhere first, and then install Symantec Packager), after the installation is started, Symantec PcAnyWhere is installed in the current system.

Today, we only use the second tag, Configure Profucts. Open the second tag and you can see that Symantec has prepared six built-in types for you. Here we will take the first one, that is, the default PcAnyWhere installation package for explanation. The rest are similar, you can try it on your own.

After the default installation package is enabled, the first tag Features on the following page contains various functions of PcAnyWhere. You can choose between the functions of PcAnyWhere. If you are not familiar with PcAnyWhere, do not make any changes.

Open the Configuration Files tab to set the Files in the PcAnyWhere installation package one by one. This is also the focus of our explanation today, that is, the most important part to implement the dual authentication of SecurID. Select "Host Security IDsFile (*. SID)" in the window to highlight it, and then click "Add ..." Click to browse the location of your SID file. Click OK to add the file to the installation package.

Click "Build" at the bottom to generate an installation package with the dual authentication function. If you want to customize other options, you can choose as needed, such as Remote Files (*. (CHF) is the configuration file for the master to connect to the control end, and Host Files is the configuration file for the control end Host. If multiple hosts need to be configured and the configurations are identical, you can select the files here, saving repetitive work.

Click the Build button to generate the Symantec PcAnyWhere installation package-Symantec PcAnyWhere. msi, the last thing you need to do is to uninstall Symantec PcAnyWhere on your current computer, install our customized installation package on both your computer and the controlled computer, and everything will be OK. In this way, you can install the generated program on a machine, and the machine can have complete SecurID authentication, but it does not have such authentication on other computers in the network, no one else wants to log on to your PcAnyWhere!