Re: [foxboro] Go Global security issue
- From: "Penndorf, Rocco (RP)" <RPPenndorf@xxxxxxx>
- To: "'foxboro@xxxxxxxxxxxxx'" <foxboro@xxxxxxxxxxxxx>
- Date: Tue, 20 Jan 2004 02:17:35 -0500
Hello list,
here is the answer I got from GraphOn (GoGlobal supplier):
---------------------------
The current version of the Graphon Unix product is GoGlobal UX 2.1. It sends
the user name and password to the Unix via a proprietary binary protocol,
rather than via telnet protocol. It can also encrypt all the traffic between
the server and the client using SSL.
So I believe the current version of the GraphOn product does address your
concerns.
Thank you
--
Evgeny Roubinchtein
support@xxxxxxxxxxx
---------------------------
Best Regards
Rocco
-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On
Behalf Of Corey R Clingo
Sent: Friday, January 16, 2004 4:31 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Go Global security issue
Importance: Low
Yes, it's possible to "sniff" the username/password with Telnet, as it is sent
as cleartext, but modern switched networks make this somewhat more difficult.
Further, anything you type while in GoGlobal (like passwords to change
environments) may likely also be "sniffed".
The most widely-used answer to your dilemma is the SSH (Secure Shell) protocol.
For a good, free implementation, check out OpenSSH for your AW, available on
sunfreeware.com. Nothing is sent as cleartext, and it will tunnel just about
any TCP-based protocol over an encrypted channel (i.e., hard to "sniff"). It
may even come with Solaris 8, but I'd probably still get the sunfreeware
version because it is newer (with security-related software, you want as many
bugs to be fixed as possible).
Windoze PC clients include the previously-mentioned PuTTY (free), OpenSSH
itself running in the Cygwin environment (also free), and SecureCRT (about $100
I think), among others.
We use OpenSSH for session establishment and tunneling of the X protocol to
Exceed on the PCs. Works great, but some applications (ICC, Display
Builder/Configurator, etc.), because of the funky way the I/A software runs
them, require more effort for the tunneling. GoGlobal, unlike Exceed, sets up
a local X server I believe, and uses its own protocol to communicate to the PC
(more like VNC) so it ought to be somewhat easier to set up the tunnel. I
don't have GoGlobal, though, so I can't say for sure.
Corey Clingo
BASF Corp.
|---------+---------------------------->
| | "Penndorf, Rocco |
| | (RP)" |
| | <RPPenndorf@xxxxx|
| | om> |
| | Sent by: |
| | foxboro-bounce@fr|
| | eelists.org |
| | |
| | |
| | 01/16/2004 01:47 |
| | AM |
| | Please respond to|
| | foxboro |
| | |
|---------+---------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
|
|
| To: "'foxboro@xxxxxxxxxxxxx'"
|
| cc:
|
| Subject: [foxboro] Go Global security issue
|
>------------------------------------------------------------------------------------------------------------------------------|
Hello list,
i've got a security question regarding GoGlobal. I've heard that Telnet program
(GoGlobal is using telnet to establish session to host machine) does not code
the username and password information when sending to the hostmachine. So, i've
been told, it is possible by using a sniffer program to find out
usernames/passwords just by "listening" the network traffic.I really don't what
kind of "hacker" knowledge somebody must have to intrude into a enterprise
network and catch password information but i think it's worth raising the
question and ask for your experiences.
Questions:
(1) Is there a chance to make GoGlobal more secure?
(2) Are there better (more secure) solutions on the market (please provide
examples).
Best Regards
_______________________________
Rocco Penndorf
Sr.Process Control Engineer / Acrylic Acid Plant
DOW - Boehlen
Tel.: +49 (0) 34206-8-7524
Fax: +49 (0) 34206-8-7522
E-Mail: rppenndorf@xxxxxxx
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process Systems
(formerly The Foxboro Company). Use the info you obtain here at your own risks.
Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process Systems
(formerly The Foxboro Company). Use the info you obtain here at your own risks.
Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
Other related posts: