When you purchase MobaXterm Pro Edition, you get access to a registered copy of MobaXterm and another program called Customizer. Using MobaXterm Customizer, you will be able to generate customized copies of MobaXterm with your own logo and your default settings. Settings specified in the Customizer will be hard-coded within the generated executable itself.
We already discussed about MobaXterm customization in another article. We will now try to explain in details how to secure your MobaXterm installation for your company use.
MobaXterm is already a secure program: its SSH connections are based on the well-known OpenSSH program and encrypted using the OpenSSL library, its sources are available so that anyone can audit them, its passwords can be stored with strong encryption.
For home usage, MobaXterm default settings may be enough to ensure a decent security level. However, depending on your company security rules, you can disable some features which may be considered as unsafe in your professional environment.
In the Customizer program, go to the Settings tab, then to the Security tab.
Each setting can be leaved unchecked (less secure) or checked (more secure), you will have to make some choices between features and security.
For instance:
- if users do not use any of the embedded servers, we recommend to check the Disable servers box: this will prevent your company users from starting one of the embedded MobaXterm daemons (SSH, telnet, VNC, HTTP, FTP, …)
- if users do not need any network packet capture or network scanner / port scanner tools, we recommend to check the disable packet capture and disable network/ports scanner
- you may also consider the possibility in your environment, to disable insecure protocols such as telnet, rlogin or ftp and use SSH / SFTP instead.
It is very important to be aware that MobaXterm is only a network client program and that restraining things on the client will not secure your network entirely: it is much more important to secure the server side of your network architecture. For instance, if you need to force your team members to use ssh instead of rlogin/telnet in order to access to a server: even if you restrain MobaXterm in order to prevent it from performing rlogin/telnet connections, if the server is still able to accept such protocols, your team members will still be able to download another network client and to perform insecure connections.