Security Basics mailing list archives

RE: VNC Security

From: Alexandre Zglav <azglav () heritage ch>
Date: Wed, 27 Apr 2005 14:53:43 +0200




I like this solution !

In my book there are better ways to do it.


What book ?
What ways ?

Thanks :)


--- QUOTE ---
Scenario C is assuming the following points.
1.  A single remote user with a software firewall, who doesn't belong to
a larger corporation, a one person organization.  You're supporting them
as a contractor.

At your location, setup a SSH server available on the internet with
password logins disabled and keys for various users who need your
support.  On their machine a PuTTY configuration (or similar client)
with all the port forwards setup and the connection details configured.
Have the client connect initiate the putty connection (as simple as a
double click) which forwards the port for VNC to the SSH server on a
predestined port.  Connect to this port and take over their machine.
Total user work required, double clicking on a PuTTY connection.


All of these require less actual work on the part of the user (GOOD
THING) and are much more secure.  Can you "safely" run VNC over the
public internet?  Sure.  Do you want to?  I know I don't.  In my book
there are better ways to do it.
--- END QUOTE ---




E-mail contains confidential information or information belonging to Heritage Bank & Trust (hereafter "HBT") and is 
intended solely for the addressees. Any views or opinions contained in this message are solely those of the author, and 
do not necessarily represent those of HBT, unless otherwise specifically stated and subject to the sender being 
authorised to express such view or opinion.The unauthorised disclosure, use, dissemination or copying of this e-mail, 
or anyinformation it contains, is prohibited. E-mails are susceptible to alteration and their integrity cannot be 
guaranteed. Internet communications are not secured, therefore HBT shall not be liable for this e-mail if modified or 
falsified. If you are not the intended recipient of this e-mail, please delete it immediately and notify the sender of 
the wrong delivery. This message is for informational purposes and should not be construed as a solicitation or offer 
to buy or sell any securities, investments or related f
 inancial instruments.

Current thread:

RE: VNC Security, (continued)
- RE: VNC Security Steve Bostedor (Apr 20)
- RE: VNC Security Joshua Berry (Apr 20)
- RE: VNC Security Steve Bostedor (Apr 20)
- RE: VNC Security Joshua Berry (Apr 21)
- RE: VNC Security Joshua Berry (Apr 21)
- Re: VNC Security Alexandre Zglav (Apr 21)
- RE: VNC Security Conlan Adams (Apr 26)
  - Re: VNC Security Andy Bruce - softwareAB (Apr 26)
- RE: VNC Security Conlan Adams (Apr 26)
  - Re: VNC Security Andy Bruce - softwareAB (Apr 26)
- RE: VNC Security Alexandre Zglav (Apr 27)