Chapter 4. Setting Up Secure Remote Administration
If you’ve carefully followed the installation and configuration steps outlined in Chapter 2 and Chapter 3, your bastion host is now quite secure. However, there is no way of administering it remotely!
NT’s standard remote administration tools, such as Event Viewer and Server Manager, are based on RPC using NetBIOS. The problem with NetBIOS (as I discussed in Chapter 1) is that it’s considered unacceptably insecure in perimeter networks. Hence, we must find alternative tools for administering and monitoring the Windows NT host.
The basic requirements for any new remote management tools are:
- Authentication
Both user and source IP address authentication are required to restrict unauthorized access to the servers. IP address authentication means access to certain services can be allowed or rejected based on the IP address of the client.
- Encryption
Since we are performing administrative tasks, such as adding users and changing passwords, all sessions must be encrypted.
- Ability to use the Windows NT GUI tools
It’s not possible to perform all administration tasks using the command prompt. Hence, we need some kind of remote graphics console.
- Ability to transfer files from and to the remote system
It’s often important to be able to transfer files to your bastion hosts in a simple way.
This chapter presents three different solutions for remote management of Windows NT/Windows 2000 servers:
- Symantec pcAnywhere v9.x
A very popular commercial software ...