RE: PC Anywhere on ISA

• From: David Dellanno <david@xxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 21 Aug 2001 13:22:28 -0400

opps...the Article ID: Q244732

-----Original Message-----
From: David Dellanno [mailto:david@xxxxxxxxxx]
Sent: Tuesday, August 21, 2001 1:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: PC Anywhere on ISA


http://www.ISAserver.org


I just want to correct number 4, TS is capable of remote file transfer with
out citrix client and without XP.  TS by default doesn't support the remote
file transfer for security design reasons but you can modify the server to
perform a remote cut and paste, this feature is only supported throught the
fat TSclient application, it will not work with the IE plug-in and the
fuction does not support a progress bar, really design to copy small to
medium files.  

How to Install the File Copy Tool Included with the Windows 2000 Resource
Kit



-----Original Message-----
From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx]
Sent: Tuesday, August 21, 2001 1:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: PC Anywhere on ISA


http://www.ISAserver.org


I wouldn't say "crazy" necessarily, but here is my .02 worth...

1.  Depending on the version of PCA you are using, it may be susceptible to
DOS attacks when repeated malformed packets are sent to it... Not a huge
deal, particularly when you are only using it internally, but it is
something.  You can find the specifics on Bugtraq at securityfocus.com.
2.  There are also methods to brute force/crack the username and password-
again depending on the methods used to authenticate.  Bugtraq would also be
a good place to look for that.  I have not personally done it, so I can't
tell you how hard it is, but it is out there.
3.  PCA is not the world's most efficient program.  It is large, and slow.
Terminal Services (in remote admin mode) have a minimal affect upon server
performance. Additionally, with TS, 2 people can be in (plus one at the
console) at the same time in their own session.
4.  A nice thing about PCA is the remote file transfer feature.  You can be
anywhere and transfer files between the host and remote with their nifty
little file transfer program.  To do direct host-to-remote transfers via the
TServer channel, you need the Citrix client (until you get XP) to map drive
letters and stuff.  There are ways around it, but not as easy as the file
transfer in PCA.
5.  A _really_ cool thing about terminal services is the high availability
of the client software... You can pull the TSWeb activeX control off a web
site and connect up to your tserver from _anywhere_.  TServer can be secured
very well if you take your time to do so.  This has saved my butt many
times- PCA, of course, requires the client loaded wherever you use it.
6.  Rolling out PCA solutions for remote admin gets expensive (assuming you
adhere to the license agreement).  TS is free for remote admin.
7.  PCA, when used externally, makes you open up more ports to use.  I don't
just filter at ISA- I do granular packet filtering at my router as well, and
that is just more crap that needs to be configured and tested.  TServer is
all over TCP 3389.  It can also be changed, which you can't do with PCA.  If
you really want to be sneaky, put your TServer at 59234 or so and change the
client to use that port.  (Note that you can't change the ActiveX Client's
port)


That's just off the top o' my head.  I have PCA as well, but _never_ use it
now that TS is alive and kicking.  It is definitely worth the test drive,
anyway.

hth.


----- Original Message -----
From: "Paul Gower" <paul@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, August 21, 2001 7:09 AM
Subject: [isalist] RE: PC Anywhere on ISA


> http://www.ISAserver.org
>
>
> But WHY is it crazy?  Please explain
>
>
> Regards
>
> Paul Gower
> Technical Director
> Paradisii Limited
>
> 64 High Street
> Lewes
> East Sussex
> BN7 1XG
>
> Tel: (01273) 470006
> Fax: (01273) 470007
> Mobile: (07973) 172650
>
> http://www.paradisii.co.uk
>
> -----Original Message-----
> From: Gabriel Zabal [mailto:gabriel@xxxxxxxxxxx]
> Sent: 21 August 2001 15:05
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: PC Anywhere on ISA
> Sensitivity: Confidential
>
> http://www.ISAserver.org
>
>
> Give a valid reason to cose PCAnywhere and NOT Terminal Services ?
> Even when you will have the packet filters blocking the access from the
> oustide, It`s very crazy to have running that on ISA.
> (that´s MY opinion)
>
> Gabriel Zabal
>
> -----Mensaje original-----
> De: Paul Gower [mailto:paul@xxxxxxxxxxxxxxx]
> Enviado el: Martes, 21 de Agosto de 2001 06:48 a.m.
> Para: [ISAserver.org Discussion List]
> Asunto: [isalist] PC Anywhere on ISA
> Carácter: Confidencial
>
> http://www.ISAserver.org
>
>
> Hi All
>
> Please don't laugh at this one!!!
>
> Is there a huge security risk in installing PC Anywhere on the ISA
> Server
> itself so that I can remotely connect to the ISA Server from my INTERNAL
> network only?  In fact, I only want to connect from one known IP number
> so
> that should be even more secure - I hope!
>
>
> I obviously don't want connections from outside of my network to be
> allowed,
> but I guess that should be simple to block.
>
> Any comments would be much appreciated.
>
>
>
> Regards
>
> Paul Gower
> Technical Director
> Paradisii Limited
>
> 64 High Street
> Lewes
> East Sussex
> BN7 1XG
>
> Tel: (01273) 470006
> Fax: (01273) 470007
> Mobile: (07973) 172650
>
> http://www.paradisii.co.uk
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> gabriel@xxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> paul@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA
• » RE: PC Anywhere on ISA

1. Home
2. isalist
3. Archive
4. 08-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---