[windows2000] Re: Remote Assistance/Desktop

  • From: "Daniel Ensor" <densor@xxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Wed, 9 Nov 2005 15:31:29 -0000

Thank god, well I know hard outside soft inside isn't a good model these
days but there is always a trade off between functionality and security.
We run IPSEC internally and all thin clients are running 128bit, I have
a script which checks all the logs for vnc service events daily
(something gencontrol always creates) you also have to have admin rights
(yes I know you can obtain these but...) so if you're all good there
then I would open that port... it depends how much you need to be able
to do it I guess... 
The way I see it is if any hacker is getting in and is worth their salt
the last thing they're going to do is run a VNC session onto a users
machine, the intrusion would be detected by admins reasonably quickly so
where's the fun in that. Far better to sit on your routers and misdirect
packets, hide exploits on your HP printers flash memory and run jack the
ripper on your accounts and log in legitimately... but maybe they would
log onto a users XP box and change the background on the desktop ;)


From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Dogers
Sent: 09 November 2005 15:16
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Remote Assistance/Desktop

God no, not the company firewall!

I mean XP's :)

We have it enabled by default as a CYA if any accidents happen ;)


On 09/11/05, Sorin Srbu <sorin.srbu@xxxxxxxxxxxxx> wrote: 

        Dogers <> scribbled on Wednesday, November 09, 2005 3:44 PM:
        I know what you mean...
        Anyway, I wouldn't unblock the VNC ports in the company firewall
if I
        were you, and that's what you mean?
        VNC is well-known to crackers and hackers... Granted, you can
lock it
        down using white-lists and stuff, but I'd still rather see a way
        initiate a mail-remote-desktop-session and yadda, yadda, yadda,
using an
        already built-in program. I really with Microsoft could point
its wand 
        over the rdp-clients and do some magic. 8-/
        > Yeah, I remember you asking, was hoping we had found an
answer! Guess
        > bah!
        > Whats annoyed me is just now we tried doing one WITH an invite
and it 
        > wanting to kick the user off anyway!
        > Will have to get VNC unblocked on the firewall I guess :(
        > Andrew
        > On 09/11/05, Sorin Srbu < sorin.srbu@xxxxxxxxxxxxx
<mailto:sorin.srbu@xxxxxxxxxxxxx> > wrote:
        > Dogers <> scribbled on Wednesday, November 09, 2005 3:38 PM:
        > I asked the same thing a while back, but didn't really come
        > conclusion. Anyway, I'd like to do this too. 
        >> Anyone know if theres a way to connect to an XP machines
        >> without logging off the current user? I know the user can
send an
        >> and ask you to connect, but is there a way to connect without
        >> sending the initial invite?
        New Site from The Kenzig Group!
        Windows Vista Links, list options
        and info are available at:
        To Unsubscribe, set digest or vacation
        mode or view archives use the below link.

Visit the new FDL web - site designed to serve you better-
http://www.fdl.co.uk This message has been sent from Fuerst Day Lawson Ltd
and confirms that the email has been scanned and to the best of our
knowledge is free from virus infection. The unauthorised use, disclosure,
forwarding or copying of this message and any attachments is strictly
prohibited. If you have received this message in error, please email
moderator@xxxxxxxxx This message and any attachments, which are confidential
and may be privileged, are for the use of the addressee(s) only. The views
and opinions expressed in this email message are the author's own and may
not reflect the views and opinions of Fuerst Day Lawson Ltd. 

Other related posts: