In addition to the other comments made, I would HIGHLY suggest changing the port number used by pcAnywhere as well. You can find instructions for doing so on Symantec's website (basically, you make a change in the registery). By changing the port number you minimize the risk that a hacker would associate the open port with pcAnywhere.
Simply create a new service on the SonicWall named pcAnywhere (using the port number you finally decide upon) and redirect that service to whichever machine, on your internal LAN, is hosting. Again, at a MINIMUM make sure you have encryption turned on within pcAnywhere, choose to drop non-encrypted sessions, and TURN ON LOGGING so that you can monitor any connectivity attempts. I would also suggest changing that port number on a monthly or quarterly basis! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 02, 2002 3:35 AM Subject: [PERIODIC sonicwall DIGEST POSTING] ===================================================== Date: Fri, 01 Mar 2002 11:58:48 -0500 From: Chris Hunt <[EMAIL PROTECTED]> Subject: [SonicWALL]- pcAnywhere Reply-To: [EMAIL PROTECTED] IAgainest my better judgement ;) I need to open up PCanywhere to a server on my LAN. I think will need to be a 1-to-1 NAT and then the two ports pcAnywhere uses. Anyone see a problem with this? Chris --- [This E-mail scanned for viruses by Declude/F-Prot Virus] ===================================================== From: John Dean <[EMAIL PROTECTED]> Subject: RE: [SonicWALL]- pcAnywhere Date: Fri, 1 Mar 2002 11:07:42 -0600 Reply-To: [EMAIL PROTECTED] I've had to do this for a couple as well. I tried to minimize the risks by using the encryption features that PC Anywhere offers, but again, I've always wondered what real risks this entails, since I hear about FTP, WWW, SMTP, and so many other standard services and their vulnerabilities, but I never hear much about threats to PC Anywhere on the lists I subscribe to. One option would be to use VPN through the sonicwall to connect and just use PC Anywhere internally as you would from any station on the LAN, which is the way I prefer to do it for my business. Fortunately I haven't come up with the need to translate PC Anywhere ports here in my own network yet. But on my home server I have PC Anywhere running, just a software firewall in place, and would love to hear some information regarding the threat assessment of having pc anywhere running in various scenarios, or hear from people who have actually had attacks against them. John -----Original Message----- From: Chris Hunt [mailto:[EMAIL PROTECTED]] Sent: Friday, March 01, 2002 10:59 AM To: [EMAIL PROTECTED] Subject: [SonicWALL]- pcAnywhere IAgainest my better judgement ;) I need to open up PCanywhere to a server on my LAN. I think will need to be a 1-to-1 NAT and then the two ports pcAnywhere uses. Anyone see a problem with this? Chris --- [This E-mail scanned for viruses by Declude/F-Prot Virus] ======================================================================== ==== ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot Virus] ===================================================== Subject: Re: [SonicWALL]- pcAnywhere From: [EMAIL PROTECTED] Date: Fri, 1 Mar 2002 11:13:10 -0600 Reply-To: [EMAIL PROTECTED] No problem at all. Just make sure that you set up pcAnywhere to use the highest encryption available to it, and to deny any requests that fall below the level you specified. Also either allow only users you specify from your NT domain to login to the pcAnywhere machine, or create different username/password combination for those people,requiring them to enter two sets of credentials in case they may have shared their domain password with other employees. And you may want to disable the live update option, and perform any sw updates manually. I remember reading not too far back about a possible live update remote exploit in case the attacker had control of a dns server. Not terribly likely, but it pays to be paranoid. Instead of pcAnywhere, you may want to implement a VPN solution instead. Just depends on what you want/need to do. Hope this helps. Cavell McDermott Domino Admin APW Ltd. - Texas Campus 214-343-1400 - Main 214-355-2022 - Direct 214-341-9950 - Fax http://www.apw.com Chris Hunt <[EMAIL PROTECTED] To: [EMAIL PROTECTED] m> cc: Sent by: Subject: [SonicWALL]- pcAnywhere sonicwall-owner @peake.com 03/01/2002 10:58 AM Please respond to sonicwall IAgainest my better judgement ;) I need to open up PCanywhere to a server on my LAN. I think will need to be a 1-to-1 NAT and then the two ports pcAnywhere uses. Anyone see a problem with this? Chris --- [This E-mail scanned for viruses by Declude/F-Prot Virus] ======================================================================== =========================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot Virus] ===================================================== Date: Fri, 01 Mar 2002 12:43:33 -0500 From: Chris Hunt <[EMAIL PROTECTED]> Subject: Re: [SonicWALL]- pcAnywhere Reply-To: [EMAIL PROTECTED] Thanks Cavell and John. I need to use pcA as that is what the software supplier uses. Anything has got to be better that having them log in with a modem! ;) Chris At 11:13 AM 03/01/2002 -0600, you wrote: > No problem at all. Just make sure that you set up pcAnywhere to use > the highest encryption >available to it, and to deny any requests that fall below the level you >specified. Also either >allow only users you specify from your NT domain to login to the >pcAnywhere machine, or create >different username/password combination for those people,requiring them to >enter two sets of >credentials in case they may have shared their domain password with other >employees. And you may >want to disable the live update option, and perform any sw updates >manually. I remember reading not >too far back about a possible live update remote exploit in case the >attacker had control of a dns >server. Not terribly likely, but it pays to be paranoid. --- [This E-mail scanned for viruses by Declude/F-Prot Virus] --- [This E-mail scanned for viruses by Declude/F-Prot Virus] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
