Network Security Firewalls

Re: FW: Remotely Installing a Firewall via TSC - Help!

Subject: Re: FW: Remotely Installing a Firewall via TSC - Help!
Date: Wed, 13 Jul 2005 22:45:50 +1000
I can think of a few possibilities: 

Depending on what firewall product you are using, you could build one
up locally and set it up so it works with TSC and then dump its
configuration to the hosted server. If this is too difficult you may
also be able to use something along the lines of Ghost AutoInstall to
build an installer package with all the required configuration in it.

Alternatively if the firewall product had a default configuration of
"ALLOW ALL OUT" which many do (or you could set it up as such) then
script a reverse connection out of the server using VNC (as suggested
by Aaron) running your VNC client in "listen mode".

If you are using a firewall product that has remote administration
capability (for instance Kerio) you could use that to allow your TSC
connections through.

As for gotomypc.com I wouldn't trust them myself. 
If you do use them, after completing the firewall configuration I
would go through the standard procedures you would for systems that
have been breached, i.e. change admin passwords and so forth.


Regards,

Morgan


On 7/13/05, Aaron Thomas <athomas@deltacable.com> wrote:
Sorry, meant for this to go to the list as well.

Aaron

-----Original Message-----
From: Aaron Thomas
Sent: Tuesday, July 12, 2005 3:18 PM
To: 'spod'
Subject: RE: Remotely Installing a Firewall via TSC - Help!

Not to promote something such as this, but it came to mind.  Something like
Go To My PC (www.gotomypc.com) might work.  It initiates the connection
through the firewall out, and it is handled through a central server.  It
might get you past that problem.

Also forcing VNC to connect OUT to you (in listen mode I think) may be a way
to go.

I have no experience in either of these, but it might be something for you to
try.

Cheers,

Aaron

-----Original Message-----
From: spod@hotmail.com [mailto:spod@hotmail.com]
Sent: Tuesday, July 12, 2005 1:46 PM
To: firewalls@securityfocus.com
Subject: Remotely Installing a Firewall via TSC - Help!

Hello list

I would appreciate veteran experience and opinions on a problem I currently 
face.

I am required to set up a server for a community I am involved in. The server 
is a commercially hosted box and will run Windows 2000
Server. I have no physical access, and will do all work via a Terminal 
Services Client connection.

I want to install a firewall asap but realise that doing this via a Terminal
Server connection is not simple. For one thing, I'm pretty sure I will get
disconnected and blocked by default as soon as I activate the firewall.

The host will not install this for me.

What options do I have for doing this? Is there any clever method to allow me
to do this? Are there any particular software firewalls that can be configured
via some easily editable files so I can enable TS traffic to pass through
before activating the firewall?

I would love to hear your thoughts and comments, and any particular opinions 
on software you believe most suitable.

Many many thanks.

ps - have googled for this extensively and could not find any helpful 
resources.




-- 
Microsoft Windows:
A 32-bit extension and graphical shell to a 16-bit patch to an 8-bit
operating system originally coded for a 4-bit microprocessor, written
by a 2-bit company that can't stand 1-bit of competition.
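
The thread's core concern is activating a firewall whose configuration was staged in a file without cutting off the Terminal Services session. As an added example (not written by any poster in this thread), the Python below evaluates a staged ruleset with first-match semantics and reports whether the administrator's address can still reach TCP 3389, the default Terminal Services port. The rule file format, the sample addresses and all function names are hypothetical; a real product's syntax will differ.

```python
import ipaddress

# Constructed ruleset in a hypothetical "action direction proto peer port"
# format (peer = remote address). Evaluated top-down, first match wins.
SAMPLE_RULES = """
# staged on the local build machine before upload
allow in  tcp 203.0.113.10/32 3389   # admin workstation -> Terminal Services
allow in  tcp any             80
deny  in  tcp any             3389   # everyone else is kept off TS
allow out any any             any
"""

def parse_rules(text):
    """Turn the rule text into tuples, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, direction, proto, peer, port = line.split()
        net = None if peer == "any" else ipaddress.ip_network(peer)
        rules.append((action, direction, proto, net, port))
    return rules

def decide(rules, direction, proto, peer_ip, port, default="deny"):
    """Return the action of the first matching rule, else the default."""
    addr = ipaddress.ip_address(peer_ip)
    for action, r_dir, r_proto, net, r_port in rules:
        if r_dir != direction:
            continue
        if r_proto not in ("any", proto):
            continue
        if net is not None and addr not in net:
            continue
        if r_port not in ("any", str(port)):
            continue
        return action
    return default  # nothing matched: assume the firewall blocks by default

def safe_to_activate(rules, admin_ip, ts_port=3389):
    """True only if the admin's inbound TS connection survives activation."""
    return decide(rules, "in", "tcp", admin_ip, ts_port) == "allow"

if __name__ == "__main__":
    staged = parse_rules(SAMPLE_RULES)
    print("safe to activate:", safe_to_activate(staged, "203.0.113.10"))
```

Rule order matters: the same two TS rules with the `deny` line first would lock the administrator out, which is the failure the check is meant to catch before activation.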
