1 Remote Access Options to University Resources
Samuel Petreski, IT Security Office
2 Introduction
  What is Remote Access?
  Why use Remote Access?
  How many of you use Remote Access to Campus resources?
  Goal of today's presentation
3 Agenda
  Statistics of current applications used
  Remote access considerations
  Remote access options and best practice configuration:
    FTP
    SSH/SFTP
    MyFiles
    WebDAV SSL
    VNC
    X Server
    Remote Desktop
    VirtualDesktop
  Recommendations
  Q & A
4 Statistics
  April 2007 Statistics: Remote Desktop, SSH Servers, FTP Servers, VNC Servers, X Servers
  November 2007 Statistics: Remote Desktop, SSH Servers, FTP Servers, VNC Servers, X Servers - 209
5 Remote access considerations
  Remote access creates vulnerability
  Extends University data beyond campus boundaries
  Strong user and computer authentication
  Data communication encryption
  Simple, flexible, and secure
6 Remote access options - FTP
Access type: Remote access to files
Pros:
  Simple to configure and use
  Faster than HTTP
  FTP client available with most OSs
Cons:
  Insecure plain-text authentication and communication
Best practice configuration:
  Don't use it for private communication!
  Use SFTP
7 Remote access options SSH/SFTP
Access type: Remote access to the system and files
Pros:
  Simple to use
  Secure (encrypted) authentication and communication
  SSH and SFTP server configuration is the same
Cons:
  Special client required (included with most *nix systems)
  Some applications don't support the protocol
Best practice configuration:
  Allow access only to the users that need it
8 Remote access options SSH/SFTP
9 Remote access options SSH/SFTP
Best practice configuration
sshd_config configuration examples:
    # Accept SSH protocol version 2 only
    Protocol 2
    # No direct root logins
    PermitRootLogin no
    # Only the listed accounts may log in
    AllowUsers spetresk <userid>
    # Limit authentication attempts per connection
    MaxAuthTries 3
Inetd, iptables
The Auto Blacklist Module: pam_abl (http://www.hexten.net/assets/pam_abl_doc/index.html)
    # /usr/local/etc/pam_abl.conf
    # debug
    host_db=/var/db/pam_abl/hosts.db
    host_purge=2d
    host_rule=*:10/1h,30/1d
    user_db=/var/db/pam_abl/users.db
    user_purge=1d
    user_rule=!spetresk!<user>/sshd:5/10m,30/1d
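Added example (not from the original slides, and not pam_abl's own code): a small Python model of how the trigger part of the rules above, such as 10/1h,30/1d, decides when a source is blacklisted. It assumes a trigger fires once the stated number of failures or more fall inside its time window; the function names and sample timestamps are constructed for illustration.

```python
# Added example: evaluate pam_abl-style triggers ("count/window" pairs)
# against a list of failed-login timestamps. Not pam_abl's implementation.
import re

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_triggers(spec):
    """Turn '10/1h,30/1d' into [(10, 3600), (30, 86400)]."""
    triggers = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)/(\d+)([smhd])\s*", part)
        if not m:
            raise ValueError(f"bad trigger: {part!r}")
        count, length, unit = int(m.group(1)), int(m.group(2)), m.group(3)
        triggers.append((count, length * UNIT_SECONDS[unit]))
    return triggers

def is_blacklisted(failure_times, spec, now):
    """True if any trigger's count is reached inside its window ending at now."""
    for count, window in parse_triggers(spec):
        recent = [t for t in failure_times if now - window < t <= now]
        if len(recent) >= count:
            return True
    return False

HOST_RULE = "10/1h,30/1d"  # trigger part of host_rule on the slide
USER_RULE = "5/10m,30/1d"  # trigger part of user_rule on the slide

# Constructed sample data: timestamps in seconds since an arbitrary epoch.
NOW = 100_000
burst = [NOW - 60 * i for i in range(1, 7)]    # 6 failures in 6 minutes
slow = [NOW - 2700 * i for i in range(1, 31)]  # 1 failure per 45 min, 30 total

if __name__ == "__main__":
    for name, events in (("burst", burst), ("slow", slow)):
        print(name,
              "host rule:", is_blacklisted(events, HOST_RULE, NOW),
              "user rule:", is_blacklisted(events, USER_RULE, NOW))
```

The slow series never reaches ten failures in an hour, so only the 30/1d trigger catches it; the short 5/10m window in the user rule is what catches the six-failure burst that the host rule lets through.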
10 Remote access options SSH/SFTP
University Resources:
  H: drive Personal file space, Departmental Drive, DFS
  Host: sftp.iowa.uiowa.edu
Available Applications:
  SSH Secure Shell
  WS_FTP Pro
  OpenSSH
  Windows SFTP server
  CopSSH
  SSH Tectia
11 Remote access options MyFiles
Access type: Remote access to files stored on ITS file cluster
Pros:
  Accessible through a web browser
  Simple to upload and download files
  Secure (encrypted) authentication and communication
  Hawk ID authentication
Cons:
  Not accessible through applications
Access: https://myfiles.uiowa.edu/
Demo
12 Remote access options WebDAV SSL
Access type: Remote access to files
Pros:
  Simple to use
  Secure (encrypted) authentication and communication
  Many web edit applications support the protocol
Cons:
  Web server add-on for WebDAV support
  Default configuration without SSL
  Vista default configuration doesn't work
Best practice configuration:
  Make sure only WebDAV over SSL is enabled
13 Remote access options VNC
Access type: Remote access to the desktop
Pros:
  Full access to desktop applications and files
  Freeware server/client applications available
  Cross-platform support
Cons:
  Special client required for access
  Easy to mis-configure
  Not all VNC applications support encrypted communication
Best practice configuration:
  Allow access only to specific hosts
  Use an application that supports encrypted communication
14 Remote access options VNC
Best practice configuration:
  Always use a strong password
  If encryption is not supported, use SSH tunneling
Available applications:
  RealVNC (http://www.realvnc.org)
  UltraVNC (http://www.uvnc.com)
  Vine Server Mac OS X
  Many other flavors of VNC
Demo
15 Remote access options X Server
Access type: Remote access to *nix systems
Pros:
  Full access to desktop applications and files
Cons:
  Special server/client required
  Easy to mis-configure
  Communication is not encrypted
Best practice configuration:
  Allow access only to specific hosts (xhost)
  SSH tunnel your connection
16 Remote access options Remote Desktop
Access type: Remote access to Windows host desktop
Pros:
  Full access to desktop applications and files
  Secure file transfer between client and remote host
  Part of the Windows XP/2003/Vista Operating System
  Encrypted authentication and communication
Cons:
  Easy to mis-configure
  Man-in-the-middle attacks
17 Remote access options Remote Desktop
Best practice configuration:
  Allow access only to specific hosts
  Allow only specific users to have access
  Install SSL Certificate on MS Terminal Server
18 Remote access options VirtualDesktop
Access type: Remote access to published applications
Pros:
  Accessible through a Web browser
  Encrypted authentication and communication
  Secure access to H: drive, and flexible file transfer
Cons:
  Thin client installation or Java required
  Only certain applications available
University Resources:
  https://virtualdesktop.uiowa.edu/
  https://desktop.healthcare.uiowa.edu/
19 Remote access options VirtualDesktop Demo
20 Recommendations
  Use a strong password
  Limit the range of hosts that can connect
  Use a server/client that supports encryption
  Keep your solution simple
  Use VirtualDesktop