Tunneling to Shared Resources

Today, many companies share networked resources. File shares on UNIX servers are mounted on remote systems using the Network File System (NFS) and SAMBA protocols. Databases like Microsoft Access and SQL Server interface with ODBC drivers to answer queries issued by ODBC clients. Users remotely access Concurrent Versions System (CVS) source code repositories using terminal emulators and GUI front-ends like WinCVS.

Each shared resource is a business asset that must be protected from Denial-of-Service (DoS) attacks, loss, malicious modification, and unauthorized access. OS security measures - Windows and *NIX file system read/write privileges, user names, and passwords - control access. However, they do nothing to preserve data privacy and integrity when shares are accessed remotely.

A common example is the corporate teleworker with cable modem Internet access. A teleworker who uses the built-in Client for Microsoft Networks to share files between home and office PCs unwittingly exposes these shares to every neighbor on the same cable segment. Because cable is an "always on" technology, would-be attackers have plenty of time to perform a dictionary attack, discovering share user names and passwords. Thus armed, the attacker can break into shares and servers on the corporate network that are accessible with the same credentials.

Another resource shared or accessed remotely is the home or office desktop. Screen sharing can be accomplished with remote control software like Symantec pcAnywhere, AT&T Labs VNC, Microsoft NetMeeting, Windows XP Remote Desktop Assistance, the Windows NT/2000 Remote Desktop Protocol (RDP) client, and Terminal Services. Unauthorized remote control has long been a security concern for enterprise administrators. Because these solutions are free or inexpensive and easy to deploy, workers install them for convenience without first addressing the inherent risk to their computers and the network.

Secure Shell tunneling can provide strong, uniform authentication, access control, and privacy for shared files and desktops. Instead of leaving RDP or VNC ports open to exploitation, tunneling multiplexes these non-secure streams onto a single Secure Shell session. User credentials can be checked and access granted at the one place completely under the enterprise administrator's control: the Secure Shell server.
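
Because access is granted at the Secure Shell server, its forwarding policy decides which desktops a tunnel can reach. The following added example (not part of the original page) audits that policy, assuming an OpenSSH server and its `sshd_config` syntax; the host names, sample configurations and function names are constructed for illustration.

```python
# Added example: audit an OpenSSH server's forwarding policy for desktop tunnels.
# Assumptions: OpenSSH sshd_config syntax, global section only (Match blocks and
# Include files are not evaluated). Hosts and sample configs are constructed.

ALLOWED_PORTS = {3389, 5900}  # default RDP and VNC ports

def parse_global(config_text):
    """Return {keyword: [args]} for the global section (sshd keeps the first value)."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":  # conditional overrides begin here; stop parsing
            break
        settings.setdefault(key, parts[1:])
    return settings

def audit(config_text):
    """Return a list of findings; an empty list means tunnels are tightly scoped."""
    s = parse_global(config_text)
    findings = []
    fwd = s.get("allowtcpforwarding", ["yes"])[0].lower()  # sshd default: yes
    if fwd in ("yes", "all"):
        findings.append("AllowTcpForwarding also permits remote forwards; use 'local'")
    elif fwd in ("no", "remote"):
        findings.append("AllowTcpForwarding blocks local forwards; no desktop tunnels")
    if s.get("gatewayports", ["no"])[0].lower() != "no":
        findings.append("GatewayPorts lets remote forwards bind non-loopback addresses")
    targets = s.get("permitopen", ["any"])  # sshd default: any
    if targets[0].lower() == "any":
        findings.append("PermitOpen is unrestricted; list the desktop host:port pairs")
    elif targets[0].lower() != "none":
        for t in targets:
            host, _, port = t.rpartition(":")
            if host in ("", "*") or not port.isdigit() or int(port) not in ALLOWED_PORTS:
                findings.append(f"PermitOpen {t} is not a named RDP/VNC endpoint")
    return findings

WEAK = "AllowTcpForwarding yes\nGatewayPorts yes\n"  # constructed
HARDENED = """# constructed sample
AllowTcpForwarding local
GatewayPorts no
PermitOpen desk1.example.internal:3389 desk2.example.internal:5900
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```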
