Book HomeBuilding Internet FirewallsSearch this book
PreviousNext

2.5. Remote Access

There are many situations in which you would like to run a program on a computer other than the one that you're in front of. For instance, you may be in front of a slow computer because you're travelling with a laptop, or your other computer is a supercomputer, or you're using "thin clients" -- purposefully stupid computers -- in order to lower maintenance costs and get economies of scale. Originally, remote access meant some form of remote terminal access, which allows you to use character-based applications. These days, character-only access is rarely sufficient. Instead, you may need some form of remote graphics.

The general questions about remote access are the same for all methods:

2.5.1. Remote Terminal Access and Command Execution

Originally, programs that provided remote terminal access allowed you to use a remote system as if your computer were a directly attached terminal -- an old-fashioned terminal, capable of displaying and generating text. These days, there are computers that support remote terminal access without supporting genuine physical terminals, and there are many computers that can't do much with a text-only interface no matter how it's attached to them.

Telnet is the standard for remote terminal access on the Internet. Telnet allows you to provide remote text access for your users from any Internet-connected site without making special arrangements.

Telnet was once considered a fairly secure service because it requires users to authenticate themselves. Unfortunately, Telnet sends all of its information unencrypted, which makes it extremely vulnerable to sniffing and hijacking attacks. For this reason, Telnet is now considered one of the most dangerous services when used to access your site from remote systems. (Accessing remote systems from your site is their security problem, not yours.) Telnet is safe only if the remote machine and all networks between it and the local machine are safe. This means that Telnet is not safe across the Internet, where you can't reliably identify the intervening networks, much less trust them.

There are various kinds of authentication schemes for doing remote logins, which will automatically work with Telnet (in particular, see the discussion of one-time passwords in Chapter 21, "Authentication and Auditing Services"). Unfortunately, even if you protect your password, you may still find that your session can be tapped or hijacked; preventing it requires using an encrypted protocol.

There are two popular ways of doing this. First, you can simply replace Telnet with an encrypted remote terminal access program; the widely accepted Internet standard is the secure shell (SSH), which provides a variety of encrypted remote access services, but a number of other solutions are available. Second, you can create an encrypted network connection (a virtual private network, or VPN) and run normal Telnet across that. See Chapter 5, "Firewall Technologies", for a discussion of VPN techniques.

Other programs besides Telnet and SSH can be used for remote terminal access and remote execution of programs -- most notably rlogin, rsh, and on. These programs are used in a trusted environment to allow users remote access without having to reauthenticate themselves. The host they're connecting to trusts the host they're coming from to have correctly authenticated the user. The trusted host model is simply inappropriate for use across the Internet because you generally cannot trust hosts outside your network. In fact, you can't even be sure the packets are coming from the host they say they are.

rlogin and rsh may be appropriate for use within a network protected by a firewall, depending on your internal security policies. on, however, places all of its security checks in the client program, and anyone can use a modified client that bypasses these checks, so on is completely insecure for use even within a local area network protected by a firewall (it lets any user run any command as any other user). You disable on by disabling the rexd server, as we'll describe in Chapter 18, "Remote Access to Hosts". Fortunately, on is relatively rare these days; Windows NT, which provides rlogin and rsh clients, does not provide an on client.

2.5.2. Remote Graphic Interfaces for Microsoft Operating Systems

Although Windows NT provides clients for most of the remote execution services described previously, and servers for many of them are available as part of the resource kits or third-party products, remote terminal services in general aren't very interesting on Windows NT. While there are character-oriented programs that will allow you to do many administrative tasks, most of the programs people want to use are graphical.

Microsoft provides remote graphical interfaces as part of Windows 2000 servers, in a package called Terminal Services. This is also available for Windows NT 4 as a special Terminal Server edition of the operating system. Terminal Services and Terminal Server both use a Microsoft-developed protocol called Remote Desktop Protocol (RDP) to communicate between clients and servers.

A variety of other proprietary protocols are used for remote graphical interfaces to Windows, of which the most capable and widespread is Independent Computing Architecture (ICA) developed by Citrix. ICA has been licensed by a number of vendors, and a wide variety of clients and servers that use it are available, including multi-user Windows NT servers and Java-based clients that can run on any machine with a Java-enabled web browser. ICA plug-ins are available for Terminal Services and Terminal Server.

TCP/IP-based remote access is also available from almost every other remote access program in the Windows market, including LapLink, RemotelyPossible, and PcANYWHERE, to name only a few. There is also the controversial program BO2K, which is a freely available open source program that provides remote access. It is controversial because it is widely distributed as a tool for intruders, designed to provide remote access to outsiders; on the other hand, it is a full-featured and effective tool to provide legitimate remote access as well.

These programs differ widely in their security implications, although most of them are unfortunately insecure. For a full discussion of the issues and approaches, see Chapter 18, "Remote Access to Hosts".

2.5.3. Network Window Systems

Most Unix machines currently provide window systems based on the X11 window system. X11 servers are also available as third-party applications for almost every other operating system, including all versions of Microsoft Windows and many versions of MacOS. X11 clients are rarer but are available for Windows NT. Network access is an important feature of X11. As more and more programs have graphical user interfaces, remote terminal access becomes less and less useful; you need graphics, not just text. X11 gives you remote graphics.

X11 servers are tempting targets for intruders. An intruder with access to an X11 server may be able to do any of the following types of damage:

Get screen dumps
These are copies of whatever is shown on the users' screens.

Read keystrokes
These may include users' passwords.

Inject keystrokes
They'll look just as if they were typed by the user. Imagine how dangerous this could be in a window in which a user is running a root shell.

Originally, X11 primarily used authentication based on the address that connections came from, which is extremely weak and not suitable for use across the Internet. These days, most X11 servers implement more secure authentication mechanisms. However, just like Telnet, X11 is still vulnerable to hijacking and sniffing, even when the authentication is relatively secure, and solving the overall security problem requires that you encrypt the entire connection via SSH or a VPN solution.

PreviousHomeNext
2.4. File Transfer, File Sharing, and PrintingBook Index2.6. Real-Time Conferencing Services
Library Navigation Links

Copyright © 2002 O'Reilly & Associates. All rights reserved.