PC Anywhere concerns

[gazzak]

I think you'll understand what I'm trying to say here so....

An ex-colleague of mine now works for a small company with one NT4 Server, single domain network. Only 10 of them in the building. They have an ADSL link to the internet going via a 2nd network card in the server and some good firewall/router software. They also have PC anywhere running so that they can access the server from the internet using the same software from home. They have the appropriate 2 ports open on the firewall to access pcanywhere and they say it works OK.

What concerns me is that the 2 ports they use are the default ports for pcanywhere, and are obviously well known ports by (suspicous?) people. They have password protected the pcanywhere accounts but that's it. Something about this setup has me nervous, so I wanted to get some opinions from the good people here at Windrivers because my use and knowledge of pcanywhere is minute.

Are they at risk leaving these 2 well known ports open?
Is this setup something anyone here uses, accessing servers directly from the internet?

Any opinions welcome!

[Diver01]

I think you'll understand what I'm trying to say here so....

An ex-colleague of mine now works for a small company with one NT4 Server, single domain network. Only 10 of them in the building. They have an ADSL link to the internet going via a 2nd network card in the server and some good firewall/router software. They also have PC anywhere running so that they can access the server from the internet using the same software from home. They have the appropriate 2 ports open on the firewall to access pcanywhere and they say it works OK.

What concerns me is that the 2 ports they use are the default ports for pcanywhere, and are obviously well known ports by (suspicous?) people. They have password protected the pcanywhere accounts but that's it. Something about this setup has me nervous, so I wanted to get some opinions from the good people here at Windrivers because my use and knowledge of pcanywhere is minute.

Are they at risk leaving these 2 well known ports open?
Is this setup something anyone here uses, accessing servers directly from the internet?


Any opinions welcome!

I use PCAnywhere on a regular basis and have set it up mostly through Software filrewalls such as ZoneAlarm and Zonealarm PRO. I am assuming that they are using a Hardware firewall? If so can they just tell their HWFirewall to open those ports for PCAnywere exclusively as you can do with ZoneAlarm? This would be a much more secure setup than just opening your ports to everything...

[gazzak]

I use PCAnywhere on a regular basis and have set it up mostly through Software filrewalls such as ZoneAlarm and Zonealarm PRO. I am assuming that they are using a Hardware firewall? If so can they just tell their HWFirewall to open those ports for PCAnywere exclusively as you can do with ZoneAlarm? This would be a much more secure setup than just opening your ports to everything...

They only have a software firewall/router called winroute pro V4.2.4. The 2 ports for pcanywhere are always open, but that's all.

[CeeBee]

If their home addresses are (almost) static then set some address groups in winroute and only allow the connection to the pcanywhere ports if the source addresses are in those groups. This is what I do at home, only connections from my work IP address are accepted.

[confus-ed]

They only have a software firewall/router called winroute pro V4.2.4. The 2 ports for pcanywhere are always open, but that's all.

Winroute is the 'professional' product by the chappies from Kerio ... you can definately do what was said earlier, that is only allow traffic from & to certain Ips for a restricted port range ... Here's a link with a piccy that shows you how

[Diver01]

I downloaded a copy of it just to play with and CeeBee and confu_sed are correct. I didn't see any place to set up application specific rules for Ports ect...

[gazzak]

Bit of confusion here. It all works fine, no probs. Ports can be opened and closed, rules can be set etc. I just wondered if anyone was concerned about accessing a server directly from an internet connection through a known port.

Seems not so far

[craigmodius]

I don't worry too much about it for my network.

just make sure you set strong passwords, setup pc anywhere logging, and you can tell the connection to use PCAnywhere level encryption and to deny a lower level.

Also PCAny version 10.5 and higher have a host assessment tool which can give some other pointers to help ease your worries

[Snowbound67]

Well,

I have used PCAnywhere 10.5 for about a year, and I had the same concerns you do. I see by the replies that I did what most do. Strong passwords, Turn the Encryption ON, but I also changed the standard ports that PCA uses... I think the defaults are 5639/5640 if my memory serves me right. I just changed those a bit in the Host Mode I set up (and the forwarding on my router so that they match the PCA), and as long as I remember what they are when I setup a Remote Connection, Bob is most certainly my uncle. I feel that it is less likely someone can have a go at hacking my PCA if I use my slightly non-standard ports... maybe I smokin something, but it makes me feel as if I have tried to secure my connection as best as possible.

[confus-ed]

... and I had the same concerns you do. I see by the replies that I did what most do. Strong passwords, Turn the Encryption ON, but I also changed the standard ports that PCA uses... I think the defaults are 5639/5640 if my memory serves me right. I just changed those a bit in the Host Mode I set up (and the forwarding on my router so that they match the PCA), and as long as I remember what they are when I setup a Remote Connection, Bob is most certainly my uncle. I feel that it is less likely someone can have a go at hacking my PCA if I use my slightly non-standard ports... maybe I smokin something, but it makes me feel as if I have tried to secure my connection as best as possible.

Ahhh I see now said the blind man ... we aren't concerned about having open ports or resticting them 'extra' somehow ... what we are concerned about is having 'known' (to hackers) ports open ... so in answer I'll say that happens all the time ! - certain applications use known ports, no room for debate there, so do like it says above ! ... 'cos fanny's my aunt as well ...

At the end of the day whatever application you are using on ANY port ought to be 'robust' enough to handle the effects of any attempted hacking, else you don't want to be using it ! ... however you can help it out a bit

[gazzak]

Thanks everyone for the replies, much appreciated and helpful as always.