Suitable for readers: Intrusion enthusiasts and network administrators
Prerequisites: basic usage of PcAnyWhere
Liu: Currently, the most popular script attacks on the Internet are aimed at obtaining a webshell. When a webshell is obtained on a server running the widely used Serv-U or PcAnyWhere, it is easy to escalate privileges and fully control the server, which is a headache for network administrators. How can PcAnyWhere be secured so that intruders cannot log on to the server even if they have obtained the PcAnyWhere account and password? This is the question discussed in this article.
Block PcAnyWhere-based attack methods
PcAnyWhere is a well-known remote control tool. It can be used to control remote computers from a local computer or to coordinate computers in two locations. Network administrators can transfer files between the controlling end and the controlled end, or use the channel function to let multiple computers share a modem or to provide inbound or outbound functions to network users. Because of these convenient functions, PcAnyWhere has become the preferred choice of many network administrators, but it also has its shortcomings: its password file is reversible. If an intruder has obtained a webshell and the administrator has configured the server improperly, the attacker can recover the connection password, and the consequences can be imagined...
Readers may ask, "Can I restrict remote management to specific IP addresses?" Yes, that is one solution, but it is not perfect: sometimes the server has an emergency while the administrator is away from the company, or the administrator needs to manage it remotely from home, and ADSL IP addresses and ranges are not fixed. For example, my IP address used to be 61.52.80.*, but recently it has become 221.15.145.*. IP restriction therefore only works when management is done from a fixed IP address.
PcAnyWhere has supported SecurID dual authentication since version 11.0. With SecurID authentication, you do not need to restrict IP addresses at all: the other party cannot connect even if they know the PcAnyWhere user name and password. Let's go!
TIPS: This article describes the PcAnyWhere SecurID dual authentication mechanism. If you are not familiar with PcAnyWhere, refer to the online help or other basic tutorials.
First, the required software: Symantec PcAnyWhere and Symantec Packager. Both need to be installed, and with that our platform is set up. Note that you should install PcAnyWhere first and then Symantec Packager to avoid unnecessary trouble.
Start the PcAnyWhere management interface and go to PcAnyWhere Manager on the left, as shown in Figure 1:
Figure 1
The bottom icon, Serial ID Sets, is one of today's protagonists. Select it, right-click the area on the right, and choose "New -> Item...". The Serial ID Set Properties window is displayed, as shown in Figure 2:
Figure 2
Enter the Serial ID you want to set here. It must be a number greater than 0 and less than 4294967296; otherwise, the following window is displayed (Figure 3).
Figure 3
I have not tested how many Serial IDs can be added here; I have added up to 20. One requirement is that each added Serial ID can be any number between 0 and 4294967296, but no two can be the same; otherwise, an error occurs (Figure 4).
Figure 4
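The constraints above (a Serial ID greater than 0 and less than 4294967296, no duplicates within a set) can be checked before the values are typed into the dialog. The following Python is an added example, not part of the original article or of any Symantec tool; the function names are hypothetical, and picking the IDs with a cryptographic random generator is an assumption of this example, made because the Serial ID acts as a shared secret.

```python
import secrets

MAX_EXCLUSIVE = 4294967296  # upper bound stated in the article (2**32)


def validate_serial_ids(entries):
    """Return (ids, problems) for a list of strings typed by an administrator."""
    ids, problems, seen = [], [], set()
    for raw in entries:
        text = raw.strip()
        if not (text.isascii() and text.isdigit()):
            problems.append(f"{raw!r}: not a whole number")
            continue
        value = int(text)
        if not 0 < value < MAX_EXCLUSIVE:
            problems.append(f"{raw!r}: outside 1..{MAX_EXCLUSIVE - 1}")
        elif value in seen:
            problems.append(f"{raw!r}: duplicate of an earlier entry")
        else:
            seen.add(value)
            ids.append(value)
    return ids, problems


def generate_serial_ids(count, existing=()):
    """Pick `count` new unpredictable IDs that do not collide with `existing`."""
    taken = set(existing)
    fresh = []
    while len(fresh) < count:
        candidate = secrets.randbelow(MAX_EXCLUSIVE - 1) + 1  # 1..2**32-1
        if candidate not in taken:
            taken.add(candidate)
            fresh.append(candidate)
    return fresh


if __name__ == "__main__":
    # Constructed sample input, not values from the article.
    sample = ["1001", " 1001 ", "0", "4294967296", "42a", "4294967295"]
    accepted, issues = validate_serial_ids(sample)
    print("accepted:", accepted)
    for issue in issues:
        print("rejected:", issue)
    print("new IDs:", generate_serial_ids(3, existing=accepted))
```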
Click OK. The Serial ID file is ready. At the top of the window, you can see the directory where the Serial ID file is located. With a default installation, the path to this file is "C:\Documents and Settings\All Users\Application Data\Symantec\PcAnyWhere\Serial ID Sets"; you can also copy it to a location that is easy to find as a backup. Next, let's bring out the other leading role: Symantec Packager.
TIPS: Symantec Packager is a tool developed by Symantec for customizing software installation packages. You can use Symantec Packager to create, modify, and build custom installation sets (or installation packages) and distribute them to users on your network, so that administrators install only the required components and avoid unnecessary functions taking up users' hard disk space. You can use it to create an installation package that contains only the functions and settings the user requires, customized for the enterprise environment. Symantec Packager itself runs only on Windows NT/2000; however, a custom installation file created by Symantec Packager can be installed on any Microsoft 32-bit platform.
Start Symantec Packager and you can see four tabs in total, which cover all the functions of Symantec Packager. If the software was installed in the normal order (that is, PcAnyWhere first, and then Symantec Packager), the first interface after startup is the one shown in Figure 5, showing that Symantec PcAnyWhere is installed on the current system.
Figure 5
Today, we only use the second tab, Configure Products. Open it and you can see that Symantec has prepared six built-in types for you. Here we take the first one, the default PcAnyWhere installation package, for explanation. The rest are similar, and you can try them on your own.
After the default installation package is opened, the following interface is displayed (Figure 6).
Figure 6
The first tab, Features, contains the various functions of PcAnyWhere. You can choose which PcAnyWhere functions to include here. If you are not familiar with PcAnyWhere, do not change it.
Open the Configuration Files tab, as shown in Figure 7.
Figure 7
Here you can set the files in the PcAnyWhere installation package one by one. This is the focus of today's explanation and the most important part of implementing SecurID dual authentication. Select "Host Security IDs File (*.SID)" in the window to highlight it, click "Add...", and browse to the location of your SID file. Click OK to add the file to the installation package.
Click "Build" at the bottom to generate an installation package with the dual authentication function. If you want to customize other options, choose them as needed: for example, Remote Files (*.CHF) are the configuration files the controlling end uses to connect to the controlled end, and Host Files are the configuration files for the controlled-end host. If multiple hosts need to be configured and their configurations are identical, you can select the files here, saving repetitive work.
Clicking the Build button generates the Symantec PcAnyWhere installation package, Symantec PcAnyWhere.msi. The last thing to do is to uninstall Symantec PcAnyWhere from your current computer and install the customized installation package on both your computer and the controlled computer, and everything will be OK, as shown in Figure 8.
Figure 8
In this way, any machine on which you install the generated package has complete SecurID authentication, while other computers on the network do not, so no one else can log on to your PcAnyWhere!
I hope the small techniques described in this article help you with daily network management, and I wish you a happy New Year!