
server 2003

#1 ·
I need help setting up a security level for a server that runs Windows 2003 R2. Here is the scenario.

In the company where I work we all access our server via telnet. However, we have an outside company that does our collections and they need access to our server, via remote terminal or telnet, which they have. But we just found out that an employee has been accessing our system on weekends, and I need to know how to set up the system so that when an outsider wants to access it, it asks for a login and password. This way only assigned users will have access to our system. But the way the system is now, anyone with the right IP address can access our system via telnet.


Any help pleaseeeeeeeeeee



Thank you very much

Jaime
 
#3 ·
Thank you John, I remember you helping me in the past with other issues, so thank you. Yes, telnet uses a password and user name. The problem is that the employees go home and, from their PC, they go to telnet, enter our server IP address, and enter their user and PW, and it will grant them permission. What I need to do is to be able to stop the outsider from connecting with telnet unless they have the server password.

Make sense? See, I can connect to my company server with telnet using my login name and password and I can do whatever I want. This is not what I want; I want to set up another set of security so the employees don't access from home unless I let them.

Please let me know if I make sense

Thank you
Jaime
 
#4 ·
OK, now I get it. I don't have a ready answer to that, but I'd probably be looking at a 3rd party Telnet client that has more security options. I don't have any in mind, just an idea that popped into my head. :)
 
#5 ·
Thank you JohnWill. For example, you know when you work for the school and you try to access the server, it asks you for your user and PW. Something like that is what I am looking for. Do you know any program that I can buy? Thank you John

Jaime
 
#6 ·
I don't offhand, but I know the functionality you're thinking of. Probably some gateway of some type, perhaps an application running on the server that all the requests go through first?
 
#9 ·
Yeah, I don't think so either. But it has to be some third-party software that will do it. Like, I shouldn't be able to access anyone's server unless I have the server ID and PW, even if I have telnet access, right? I just don't know where to look anymore. And it worries me because any employee can access our system from outside and do malicious things.

Thank you John, I really appreciate your responses to this issue.


Jaime
 
#10 ·
Of course, there are hardware gateway products that will do this, and they'll allow you to have multiple accounts with schedules for each account.

I'll bet that zx10guy here has an exact make/model on the tip of his tongue, maybe he'll chime in here. :)
 
#13 ·
Hi. John pointed me to this thread to see if I can help out.

Based on what I'm reading, you have your server directly connected to your ISP connection or you have a generic port forward set up to allow telnet to the server through a firewall. Let me begin by saying, if you have the option, never ever use telnet. It's an old protocol and horribly insecure. Everything you do in a telnet session is in clear text. This means when you send your user name and password....all of that is readable if the packets are captured. So maybe you can describe what users are doing on their telnet sessions and maybe we can come up with a better method of providing remote connectivity.

Other than that, if you want an independent way of ensuring authentication for those users you want to have remote access, you can use a VPN end point device and have users load a VPN client onto their remote PCs. You also need to enable X-Auth on the VPN end point router. This makes the remote user need to authenticate themselves to finish bringing up the tunnel. Some VPN end point routers do not have very robust internal user databases, so make sure the router in question does what you need it to. Some VPN routers/firewalls will check with an LDAP, Kerberos, RADIUS, etc., server to do user authentications. If you are looking to do this option, make sure you set up a group which is for remote VPN users and populate this group with the users you want to allow remote access.

Cisco firewalls support all of the above.
 
#16 ·
Thank you guys for your support. The first thing I will need to do is to replace the router. I have a Linksys router and I am sure this one does not support VPN. So what should I get? Any brand? Also, I completely agree with you about the use of Telnet. How do I disable it?

Thank you guys, I really appreciate the time and effort you all put in to help us.

Jaime
 