Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Shadowing Terminal sessions

from [Dubber, Drew B] Network Security [Permanent Link]
Subject: RE: Shadowing Terminal sessions
Date: Wed, 4 Oct 2006 15:35:51 +0100 
Have you looked at the native SHADOW command (command prompt utility to
shadow sessions.) Is that good enough with a bit of custom scripting to
detect sessions and start a shadow. Possibly not! 

Alternatively, Citrix had a technology preview of project IRIS available
earlier in the year (see
http://www.brianmadden.com/content/content.asp?ID=469) Not sure where
that is in terms of release (not available on mycitrix now) but that had
full surveillance/auditing and sounded a perfect fit for your
requirements.

Hope that helps (but probably not!)

Cheers
Drew


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of dubaisans dubai
Sent: 04 October 2006 07:10
To: focus-ms@securityfocus.com
Subject: Shadowing Terminal sessions

Hi,

We have a single hop model for administering Windows servers in
datacenter. First admins login using RDP from their desktops to
Microsoft  Terminal server which serves as a gateway. From the gateway
they open a second terminal connection[RDP] to their own application
servers.

This gateway terminal server is maintained by Information security
team. On this server it is required to shadow all sessions that are
happening. It should be happening in the background and fully
automated. Since there is little control for Infosec team on the
application  servers this is being done for maintining audit trail and
forensics. The server hardware sizing and storage requirements for
gateway can be taken care of.

Is this possible with just Microsoft Terminal server ?

We are open to using a different product other than Microsoft Terminal
server [ like Citrix or Sun Global desktop]if it has this feature.We
are also open to using a add-on product which will provide only this
shadowing function.

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SecurityFocus Microsoft Newsletter #311, mfossi
Next by Date:  security implications of disabling WMI service, Murda Mcloud
Previous by Thread:  Shadowing Terminal sessions, dubaisans dubai
Next by Thread:  SecurityFocus Microsoft Newsletter #311, mfossi
Indexes:  [Date] [Thread] [Top] [All Lists]