{"id":20885,"date":"2009-12-16T15:15:10","date_gmt":"2009-12-16T19:15:10","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=20885"},"modified":"2022-02-09T16:33:37","modified_gmt":"2022-02-09T21:33:37","slug":"secure","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/services\/security\/server\/vulnerability-management\/xprobe\/secure\/","title":{"rendered":"Secure Your X-Windows Server"},"content":{"rendered":"<p>When you run an X server on your PC and the X server is the active application, all user input (mouse movement and key presses) are given by the computer to the X server. Applications that wish to interact with the user connect to the X server and ask for copies of user input.<\/p>\n<p>Since the keystrokes often include information like usernames and passwords, it is important to make sure that this information is given only to the applications that should receive them. You can expect that normal applications like <em>xterm<\/em> or <em>mozilla<\/em> will behave properly. However it is possible for malicious Internet users to create applications that will surreptitiously listen in on your keystrokes and harvest information, including your Kerberos password.<\/p>\n<p>All modern X servers provide a method to secure against connections from such unwanted applications; however, not all X server applications (including those native to UNIX) enable access controls by default.<\/p>\n<p>To begin, you should make sure you understand <a href=\".\/xauth\">How X-Windows Access Control Works<\/a>.\u00a0 If you are attempting to use X-Windows in the Unix or Linux environment, you may find our <a href=\"https:\/\/www.bu.edu\/tech\/z-retired-pages\/acsunix\/xterminal\/\">X-Terminal Security<\/a> documentation helpful.\u00a0 If you are using X-Win32 you should look at our advice on <a href=\"https:\/\/www.bu.edu\/tech\/services\/security\/server\/vulnerability-management\/xprobe\/xwin32-security\/\">Securing X-Win32<\/a>. If you are using MobaXterm you should look at our advice on Securing <a href=\"https:\/\/www.bu.edu\/tech\/services\/security\/server\/vulnerability-management\/xprobe\/securing-mobaxterm\/\">MobaXterm<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When you run an X server on your PC and the X server is the active application, all user input (mouse movement and key presses) are given by the computer to the X server. Applications that wish to interact with the user connect to the X server and ask for copies of user input. Since&#8230;<\/p>\n","protected":false},"author":2620,"featured_media":0,"parent":6543,"menu_order":3,"comment_status":"closed","ping_status":"open","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/20885"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/2620"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=20885"}],"version-history":[{"count":10,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/20885\/revisions"}],"predecessor-version":[{"id":138878,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/20885\/revisions\/138878"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/6543"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=20885"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}