If you have tried the ATRLS and decided it meets your needs, please see the
Ordering the ATRLS section to purchase the latest version.
3. Security Considerations
This manual assumes that you are familiar with the risks and benefits of the rshd,
rexecd, rlogind and telnetd services found on Unix and other operating systems. The
secure operation of these services is a complicated matter, and this manual provides
only the details specific to this implementation. If you are unfamiliar with the
security aspects of these services, Ataman advises you to consult a TCP/IP
networking protocols tutorial.
The Ataman TCP Remote Logon Services (ATRLS) allow users to remotely logon within
their own security context. However, several security issues remain because Microsoft
Windows is not implemented with full support for remotely logged in users.
3.1 Potential Interaction Problems
3.1.1 Random sounding of the system bell
Remote users may run programs that request the system bell to ring.
The system bell associated with the main monitor will sound because Windows does not
redirect this function. Locally logged-on users, unaware of remote users running
programs, may think they have made a mistake since the bell seems to ring at random.
3.2 No Clean Process Termination
Microsoft provides no clean method of killing a process in Windows. There is a kill
provided, but that kill does not notify DLLs that are attached to the killed process of the
exit. This potentially leaves dead data inside those DLLs. We do use the kill provided to
clean up logon sessions that are unexpectedly terminated.
If your program uses DLLs and your connection is unexpectedly broken, you may
encounter this problem. Unfortunately, Microsoft does not document the conditions
where dead data is left inside DLLs. However, in practice, the vast majority of programs
do not seem to be affected. Please understand, this problem is a shortcoming of Windows
and not a flaw in Ataman’s services. Hopefully, Microsoft will become embarrassed
about this obvious and serious shortcoming in Windows and provide a proper mechanism
to cleanly terminate processes.
3.3 Other issues
The issues described above are the only security problems identified thus far. However,
since Windows does not fully support remotely logged-on users, it is likely that new
security holes will be discovered. In short, remotely logged-on users using the Ataman
telnetd, rlogind or rexecd services should be limited. The security levels of these users
should reflect their potential to gain privileged access to the system. The
Using the Ataman TCP Remote Logon Services section below covers the mechanism used
to restrict the users allowed to logon.
4. Requirements
• Windows XP Home/XP Professional/2003 Server/2008 Server/Vista/7/2008 Server R2
• Microsoft Winsock Version 2 installed and configured.
5. Installation
Your user account must have Administrators or Domain Admin privilege levels to install
the ATRLS.
On the system that you wish to install the Ataman TCP Remote Logon Services, create a
directory that is local to that system. For example:
mkdir c:\atrls
The directory you create must have its permissions set such that the executable (*.exe)
files can be read and executed by the SYSTEM account and all user accounts that will be
allowed to remotely logon. All directories in the path to the executables must be
searchable by those accounts.
Change your working directory to this new directory. Unzip the archive into this
directory.
To install the ATRLS type:
atrls install start
You should now proceed to the Using the Ataman TCP Remote Logon Services
section in order to authorize users to logon.
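The directory-permission step above, as an added example that is not part of the Ataman manual: it grants read and execute to SYSTEM and to the remote-logon accounts, then checks that no non-administrative principal can modify the service executables. The group name is hypothetical and must already exist; full control for Administrators and the removal of inherited permissions are assumptions of this example, not requirements stated by the manual.

```powershell
# Added example: ACL setup for the ATRLS install directory (run from an elevated prompt).
$dir   = 'C:\atrls'              # directory used in the manual's mkdir example
$group = 'ATRLS Remote Users'    # hypothetical local group of accounts allowed to log on remotely

New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Drop inherited ACEs and grant explicit ones in a single icacls call.
# *S-1-5-18 = SYSTEM, *S-1-5-32-544 = BUILTIN\Administrators (well-known SIDs, locale independent).
icacls $dir /inheritance:r /grant:r `
    '*S-1-5-18:(OI)(CI)RX' `
    '*S-1-5-32-544:(OI)(CI)F' `
    "${group}:(OI)(CI)RX" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Audit: any Allow ACE that gives a non-administrator a write-class right is a finding,
# because that account could replace the executables the services run.
$writeBits = [System.Security.AccessControl.FileSystemRights]`
    'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$adminSid  = 'S-1-5-32-544'

$risky = (Get-Acl -Path $dir).Access | Where-Object {
    $sid = $_.IdentityReference.Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $_.AccessControlType -eq 'Allow' -and
    $sid -ne $adminSid -and
    ($_.FileSystemRights -band $writeBits) -ne 0
}

if ($risky) {
    $names = ($risky | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Non-administrative principals can modify ${dir}: $names"
}
"OK: only Administrators can modify $dir"
```

Run the audit portion again after unzipping the archive, since extracted files inherit from the directory only if the ACEs carry the (OI)(CI) flags shown here.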
6. Removal
Do NOT use the procedures in this section if you are upgrading or moving the
software to a different location on the same machine. Instead, follow the information
in the Upgrading or Reinstallation sections.
Ataman Software is committed to making the use of its software as easy as possible for
the end user. Most users prefer software that removes as easily as it installed, thus we
provide a procedure to uninstall the software. The uninstall procedure removes the
services and all associated registry entries. It does not remove the disk files as you may
simply be moving the software to a different machine.
If you need to remove the ATRLS from your system, type:
atrls stop remove
7. Reinstallation
If you want to move the ATRLS to a new location on your machine, stop the ATRLS
service:
atrls stop
Move the files to the new location, then:
atrls reinstall start
Using this method will preserve all your old configuration settings.
8. Upgrading
You might want to first create backups of your current settings. You can do this using the
“dump” option to the auseradm.exe and aconfig.exe commands. See
Configuring the ATRLS from the Command Line for details.
To upgrade to a new version of the ATRLS, in the directory of the old version type:
atrls stop
Unzip the new archive into the directory of your choice, then in the new directory type:
atrls upgrade start
Using this method will preserve all your old configuration settings.
This upgrade method will work for the version 2.X -> 3.X -> 4.X -> 5.X upgrade as well.
However, if you were using the version 2.X environment file option, make sure you save
your environment file and read the
Version 3.X and newer doesn’t have the Environment File option section.
If you are upgrading to a new major version, you need to install your new registration
code. See the Registration section for details.
9. Registration
9.1 Ordering Registration Code
After evaluating the Ataman TCP Remote Logon Services (ATRLS) and finding it meets
your needs, you need to purchase a license to continue using the product. Please see the
Ordering the ATRLS section to purchase the latest version. Once Ataman Software has
processed your order, you will receive a registration code. This registration code acts as
a key to the software. The code notifies the software that you are a registered user and
disables the payment reminders and other reminder features. These reminder features
ensure that evaluating users do not use the software beyond the evaluation period.
One nice feature of the ATRLS is that future minor revisions of the ATRLS use the same
registration code. Only major revisions will require purchase of a new registration code.
A major product revision adds significant new features to the product; a minor revision
generally contains fixes and minor enhancements.
Registration codes are tied to the name of the registered user and cause the product to list
that user as the proper licensee of the product. You should never share your registration
code with another user, as your name must appear as the licensee of that copy in order for
the registration code to work.