Wednesday, November 12, 2008

[THIN] Re: Terminal Session security question

Doug,

If you allow your users to run executables they will. Via email, web, ftp, from their fat disks, hey, telnet; someone will find a way.

 

Use GPO to allow only approved executables to run and you don’t need to worry about the rest.

 

I found this quite scary until I actually tried it, and then I just breathed easier.

 

Nick

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Kenzig http://thin.ms
Sent: 11 November 2008 18:22
To: thin@freelists.org
Subject: [THIN] Re: Terminal Session security question

 

Nope just dhl.com will suffice.  Yeah they might be able to circumvent with an IP but if the site is set up right it should convert it to a domain and lock it out.
Jim Kenzig
Blog: http://www.techblink.com

On Tue, Nov 11, 2008 at 1:13 PM, Doug Rooney <Doug@sonomatilemakers.com> wrote:

Jim,

I was thinking of doing that, but for example DHL has several valid IP addresses for www.dhl.com, do I have to figure out and enter every valid possibility, and then how do I tell it everything else goes to 127.0.0.1, also if they type in an IP, I am guessing this will not work?

 

Thank You

-Doug Rooney
Sonoma Tilemakers
IT Systems Administrator
7750 Bell Rd.
Windsor Ca, 95492
(707) 837-8177 X11
(707) 837-9472 FAX
it@sonomatilemakers.com

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Kenzig http://thin.ms
Sent: Tuesday, November 11, 2008 9:20 AM
To: thin@freelists.org
Subject: [THIN] Re: Terminal Session security question

 

Use the windows hosts file to control which urls they can and can't get to. Point the rogue sites to 127.0.0.1 and they will never get there
Jim Kenzig
Blog: http://www.techblink.com

On Tue, Nov 11, 2008 at 12:11 PM, Doug Rooney <Doug@sonomatilemakers.com> wrote:

 

 

************************************************

 

 

No comments: