yet ANOTHER NSClient question

Mike McClure mmcclure at pneservices.com
Mon Nov 25 23:57:18 CET 2002

Previous message: yet ANOTHER NSClient question
Next message: Compile with MySQL support problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi JC,

You can certainly lock it down by using stunnel and SSL client certificates. 
There's a Win32 stunnel binary available.  That would take care of encryption and
authentication.

I wouldn't recommend using NSClient on an Internet-exposed Windows box without at
least that protection.  The passwords are sent in cleartext.

- Mike

> How secure is NSClient?
>
> I was asked this question this morning by the resident NT guru, since we're
> considering monitoring a few NT boxes which are already 'exposed' to the
> Wild Wild Net.
>
> All I can see is that NSClient has password support, but that pretty much
> any command (?) can be executed.
>
> Any suggestions on locking this down?  Or does this fall under the "I
> would't recommend it unless you're fond of rebuilding servers" school of
> thought?
>
> jc
>


-- 
Mike McClure, CCIE # 5125, CISSP # 30232
PNE Services, Inc. -  http://www.pneservices.com
mmcclure at pneservices.com
mobile: 913-636-5590



-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en

Previous message: yet ANOTHER NSClient question
Next message: Compile with MySQL support problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list