Re: RealVNC Security

[Alexander Klimov <alserkli () inbox ru>]

On Mon, 14 Feb 2005, Adam Kane wrote:

> My software company currently uses two specific machines (both running
> Windows 2000 Pro) as "VNC" machines.  The purpose for these machines are
> to display two of our software products, and allow remote login to the
> computers for potential clients (very few ask) to test out the program,
> rather than us creating a 30-day trail type of setup.
> [...]
> Any suggestions on how to keep these machines secure and accessible to
> our potential clients, and keeping these machines away from any other
> networked computers is appreciated.

Put them on a separate LAN segment and set up your firewall rules so
that only vnc connections are allowed to go to these machines and
nothing allowed to go out from them. This way they will be almost
useless for an attacker and clients will have no way to
unintentionally download adware/viruses. To avoid possibility that one
client pass something to another you can simply save image of the
clean machine and restore it every day (note that it could take <5
minutes to restore 1Gb of data and this can be fully automated).

-- 
Regards,
ASK