[THIN] Re: Terminal Session security question

  • From: "Doug Rooney" <Doug@xxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 12 Nov 2008 06:55:54 -0800

Nick,

They do need to run Firefox to access the Internet, for FedEx, UPS and
DHL, they also need to run many compiled Crystal Reports. They do not
have e-mail, ftp and telnet are locked down at the firewall, incoming
and outgoing, and the terminals have no disk drives or usable USB ports,
so I think if we restrict the IPs, it will help, but I would like to do
some things in the GPO, I just do not have the knowledge on how, so I
don't as I do not want to totally screw up my AD. Can you recommend a
resource for learning? I came from a Unix world. :)

 

Thank You 

-Doug Rooney 
Sonoma Tilemakers 
IT Systems Administrator 
7750 Bell Rd. 
Windsor Ca, 95492 
(707) 837-8177 X11
(707) 837-9472 FAX 
it@xxxxxxxxxxxxxxxxxxxx 

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Nick Smith
Sent: Wednesday, November 12, 2008 2:16 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Terminal Session security question

 

Doug,

If you allow your users to run executables they will. Via email, web,
ftp, from their fat disks, hey, telnet; someone will find a way.

 

Use GPO to allow only approved executables to run and you don't need to
worry about the rest.

 

I found this quite scary until I actually tried it, and then I just
breathed easier.

 

Nick

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Kenzig http://thin.ms
Sent: 11 November 2008 18:22
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Terminal Session security question

 

Nope just dhl.com will suffice.  Yeah they might be able to circumvent
with an IP but if the site is set up right it should convert it to a
domain and lock it out. 
Jim Kenzig 
Blog: http://www.techblink.com

On Tue, Nov 11, 2008 at 1:13 PM, Doug Rooney <Doug@xxxxxxxxxxxxxxxxxxxx>
wrote:

Jim,

I was thinking of doing that, but for example DHL has several valid IP
addresses for www.dhl.com, do I have to figure out and enter every valid
possibility, and then how do I tell it everything else goes to
127.0.0.1, also if they type in an IP, I am guessing this will not work?

 

Thank You 

-Doug Rooney 
Sonoma Tilemakers 
IT Systems Administrator 
7750 Bell Rd. 
Windsor Ca, 95492 
(707) 837-8177 X11
(707) 837-9472 FAX 
it@xxxxxxxxxxxxxxxxxxxx 

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Kenzig http://thin.ms
Sent: Tuesday, November 11, 2008 9:20 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Terminal Session security question

 

Use the Windows hosts file to control which URLs they can and can't get
to. Point the rogue sites to 127.0.0.1 and they will never get there.
Jim Kenzig 
Blog: http://www.techblink.com

On Tue, Nov 11, 2008 at 12:11 PM, Doug Rooney
<Doug@xxxxxxxxxxxxxxxxxxxx> wrote:

 

 

************************************************
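
Added example, not part of any message in this thread: a short Python sketch of what a hosts file can and cannot enforce, covering the hosts-file suggestion and the questions about "everything else" and typed IP addresses. The sample entries, host names and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample hosts file (placeholder names, not from the thread).
SAMPLE_HOSTS = """\
# sinkhole entries
127.0.0.1   localhost
127.0.0.1   games.example  WWW.Games.Example   # two names on one line
127.0.0.1   video.example
"""

def parse_hosts(text):
    """Return {lowercased host name: address} from hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        addr, names = fields[0], fields[1:]
        for name in names:
            # Keep the first mapping seen (an assumption of this sketch).
            table.setdefault(name.lower(), addr)
    return table

def classify(url, table):
    """Return 'sinkholed', 'pinned', 'ip-literal' or 'dns' for a URL."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return "ip-literal"    # no name lookup, so the hosts file is never consulted
    except ValueError:
        pass
    addr = table.get(host)     # exact name match only; subdomains are not covered
    if addr is None:
        return "dns"           # unlisted name falls through to normal DNS
    return "sinkholed" if ipaddress.ip_address(addr).is_loopback else "pinned"

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for u in ("http://games.example/play", "http://cdn.games.example/",
              "https://www.dhl.com/", "http://192.0.2.10/"):
        print(f"{u:30} {classify(u, hosts)}")
```

Because unlisted names and IP literals pass through untouched, a hosts file works only as a denylist of exact names; a default-deny policy has to be enforced elsewhere, such as the firewall IP restriction mentioned in the thread.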

 

 
