My company's sysadmins use Timbuktu to access their Windows servers.
If they use NTLM authentication with Timbuktu, it would seem they're
secure to that point. But when they login to Windows, I would guess those
keystrokes could be sniffed off the network. Has anyone looked closely
enough at Timbuktu to know if that's true?
So if I wanted to improve this scenario, I'm thinking we could use two-
factor authentication or some sort of secure tunnel. VPN might not be
a big win since this traffic is all internal.
Would like to hear what strategy others are using to provide secure access
to Windows servers?
Thanks!
Jamey
------------------------------------------------------------------------
-----
FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-focus-ms
------------------------------------------------------------------------
------
My company's sysadmins use Timbuktu to access their Windows servers.
If they use NTLM authentication with Timbuktu, it would seem they're
secure to that point. But when they login to Windows, I would guess those
keystrokes could be sniffed off the network. Has anyone looked closely
enough at Timbuktu to know if that's true?
So if I wanted to improve this scenario, I'm thinking we could use two-
factor authentication or some sort of secure tunnel. VPN might not be
a big win since this traffic is all internal.
Would like to hear what strategy others are using to provide secure access
to Windows servers?
Thanks!
Jamey
------------------------------------------------------------------------
-----
FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-focus-ms
------------------------------------------------------------------------
------
[ reply ]