Archive for category Security

Apple Remote Desktop 3.3 Released

Improvements

  • Improves support for accessing client computers and task servers behind NAT (Network Address Translation) routers.
  • Includes Task Server and Directory Server scanners, for finding client computers known by your task server and clients in computer groups on a directory server.
  • New “Reporting” tab in client computer Info window, to set a single reporting policy for the client computer, shared by all Remote Desktop administrator computers.
  • New “Administrators” tab in client computer Info window, to display and control which admin computers and task servers are associated with each client computer.
  • Client settings configurable by Managed Preferences in Workgroup Manager.
  • Support for finding and adding client computers via wide-area Bonjour.
  • Resolves an issue using Lock Screen or Curtain mode on a client computer that’s at the login window.
  • Improves stability when running Remote Desktop Admin on a Task Server.
  • Resolves an issue that could cause build_hd_index files to become very large.
  • Improves compatibility with the Application Firewall.
  • Change Client Settings task now works when the Remote Desktop administrator has an Active Directory account.
  • Improves client stability when Sharing Screen.
  • Scheduled UNIX Commands stay scheduled.
  • When controlling a remote client, function keys and key combinations for actions such as Force Quit, Log Out, and the Application Switcher are now all sent to the remote computer.
  • Improves screen sharing performance with RealVNC.
  • Improves performance of encrypted file copies.
  • Improves performance of encrypted screen sharing connections.

For more information see the Apple Remote Desktop Administrator Guide available online.


BIND Still Vulnerable

Looks like Russian hacker Evgeniy Polyakov has successfully poisoned the cache of the latest version of BIND, which was supposed to have been patched in that massive, coordinated release.  The release was supposed to randomize the source ports to make the cache much more difficult to poison.  Using Evgeniy Polyakov’s exploit code and some common hardware, it took 10 hours.  Yikes.

The New York Times article by John Markoff has more details.


Bagle’s Back?

We’re seeing a lot of recent activity related to an (unconfirmed) version of the 4-year-old Bagle virus.  The impact is the blacklisting of IP subnets, and it’s unpleasant to say the least.

Essentially users get infected with the Bagle virus and it collects personal favorites including FTP URLs, usernames and passwords.  Spammers then run scripts which test the FTP connections and drop files like:

ftpchk3.php
ftpchk3.pl

which test functionality on the target website.  Their bot then covers its tracks by deleting the files.  Several days later, new files are uploaded to the site, which can include:

hot_video.exe
index1.php
index6.html
load.php
logs.txt
movie.gif
pindex.php

The file hot_video.exe contains the trojan horse Downloader.Tibs.9.V.  As soon as the above-mentioned files are uploaded to the site over FTP, spam starts to go out using the host server’s domain name and referencing the URLs of the uploaded files.

The end result is most likely the blacklisting of your entire IP class, not by the RBLs, but by internal corporate networks.  A serious pain in the ass because there is no centralized location to verify and then delist your addresses like there is for RBLs.
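The upload pattern described above can be hunted for in FTP transfer logs. The following is an added example, not code from the original post: it assumes the server writes logs in the common xferlog layout and records deletions with direction `d`; the filenames come from the post, while the accounts, addresses and log lines are constructed.

```python
import posixpath
from collections import defaultdict

# Filenames come from the post; the log lines below are constructed.
PROBE_FILES = {"ftpchk3.php", "ftpchk3.pl"}
PAYLOAD_FILES = {"hot_video.exe", "index1.php", "index6.html", "load.php",
                 "logs.txt", "movie.gif", "pindex.php"}

# Constructed sample in xferlog layout; direction is i=upload, d=delete.
SAMPLE_LOG = """\
Mon Aug 11 03:12:45 2008 1 203.0.113.7 412 /home/acme/www/ftpchk3.php b _ i r acme ftp 0 * c
Mon Aug 11 03:12:46 2008 1 203.0.113.7 398 /home/acme/www/ftpchk3.pl b _ i r acme ftp 0 * c
Mon Aug 11 03:13:02 2008 0 203.0.113.7 412 /home/acme/www/ftpchk3.php b _ d r acme ftp 0 * c
Mon Aug 11 09:40:10 2008 2 198.51.100.20 2048 /home/bob/www/logs.txt a _ i r bob ftp 0 * c
Thu Aug 14 22:01:37 2008 4 203.0.113.99 88064 /home/acme/www/hot_video.exe b _ i r acme ftp 0 * c
Thu Aug 14 22:01:39 2008 1 203.0.113.99 2210 /home/acme/www/load.php b _ i r acme ftp 0 * c
"""

def parse_line(line):
    """Return (timestamp, host, basename, direction, user), or None if malformed."""
    f = line.split()
    if len(f) < 18:
        return None
    return " ".join(f[:5]), f[6], posixpath.basename(f[8]).lower(), f[11], f[13]

def find_activity(log_text):
    """Group probe uploads, probe deletions and payload uploads by FTP account."""
    hits = defaultdict(lambda: {"probe_up": [], "probe_del": [], "payload_up": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        when, host, name, direction, user = rec
        if name in PROBE_FILES and direction in ("i", "d"):
            key = "probe_up" if direction == "i" else "probe_del"
            hits[user][key].append((when, host, name))
        elif name in PAYLOAD_FILES and direction == "i":
            hits[user]["payload_up"].append((when, host, name))
    return dict(hits)

def compromised_accounts(log_text):
    """Accounts with a probe upload. Names like logs.txt or index1.php also occur
    on clean sites, so a payload-name match alone is only a lead to review."""
    return sorted(u for u, h in find_activity(log_text).items() if h["probe_up"])

if __name__ == "__main__":
    for user in compromised_accounts(SAMPLE_LOG):
        print(user, find_activity(SAMPLE_LOG)[user])
```

Any account it reports has had its stored FTP credentials harvested, so the password needs changing on a clean machine before the uploaded files are removed.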


Switch and the SuperNAP

So finally someone comes up with a cooling solution that makes perfect sense to me…and implements it.

Everyone is talking about the SuperNAP by Switch Communications that is supposed to be one of the largest and most efficient datacenters produced to date, beating the likes of Microsoft and Google in terms of capacity per square foot.

Everyone is linking to Ashlee Vance’s articles in The Register (here and here) about 8-year-old Switch Communications, which has gone unheard of for all these years until now.  The gist is that they acquired Enron’s pipe-dream of “bandwidth as a commodity” datacenter for next to nothing and in doing so inherited the ideal foundation for colocation services.  They picked up military contracts and other, shall we say “big-time, low-key” customers, and built a business on it.

I have to say, I like what I’ve seen so far.

Two things stand out: their approach to security (ex-military personnel, plus the very presence of the actual military in the building) and their method of cooling, which is part of their success in the capacity-per-square-foot department.

In most datacenters the onsite security amounts to nothing more than a (sometimes) convenience to customers, a scarecrow for security, and an eyewitness account of what happened but couldn’t be prevented.  Ex-military with big guns tends to produce a different outcome.  Burst through a wall with your little Taser and be ready to be blown to Kingdom Come by the datacenter Rambo.  The presence of the actual military gives you the upper hand in early warning for world-wide events and threats.

And finally, with respect to cooling scenarios that never made any sense to me, we finally have a company designing a front room and a back room — it was about time.  The “front room” provides access to the front of the cabinet where you insert your servers and (I assume) plug any gaps with filler plates.  Cold air is pumped into the room from above and is completely isolated from the rear of the cabinet.  The “back room” is dedicated to managing hot air that is collected from above and cycled through the system.  Brilliant, if not obvious.

To top it off, they have four (4) different methods of cooling available to them, and they choose amongst the four (sometimes using two at a time) to most efficiently cool the equipment.  Again, brilliant, if not obvious.

The last bit to catch my eye was the use of color.  They color code the equipment and locations and then designate which color can be worked on during a given period.  All of the equipment is redundant and each component of the redundant system is in each of the colors.  Therefore they reduce the chance of human error by controlling which color can be maintained on that day.  Brilliant, again.

In any event, it makes a really good read and I would highly recommend Ashlee’s articles.  I can’t think of a better place for mission-critical remote desktop solutions.  Let’s see who else can catch up to Switch now that the bar has finally been raised.


New Remote Desktop Wiki

Most of the information that is being collected for remotedesktop.com is more efficiently presented as a Wiki rather than a blog.

You can visit our new Wiki at:

http://wiki.remotedesktop.com/

Patriot Act Considerations

The Globe and Mail is carrying a very interesting story on the dilemma the U.S. Patriot Act is causing customers of hosted solutions.  The article outlines the privacy issues that arise whenever a U.S.-based corporation maintains customer data and that data, through the U.S. Patriot Act, becomes available to the U.S. authorities.

This applies to remote desktops and the file servers or SANs that serve them.

As a Canadian-based managed solutions provider, we have already been asked by our U.S. customers to maintain separate servers in our Canadian datacenters to appease Canadian customers who refuse to have their data travel to the U.S. and be at risk of being divulged through the Patriot Act.  This is not a question of preference or unlawful activity: the U.S. Patriot Act is at odds with Canada’s privacy laws, which require organizations to protect private information and to inform individuals when their data has been shared.

The article truly outlines a very current dilemma for providers of remote desktops and Terminal Services.
