Re: Remote access solution

From: Chris Berry (compjma@hotmail.com)
Date: 02/26/03

  • Next message: SMiller@unimin.com: "Re: Download Managers" 
    From: "Chris Berry" <compjma@hotmail.com>
To: security-basics@securityfocus.com
Date: Wed, 26 Feb 2003 10:15:04 -0800

    >From: "Mike Jensen" <jenseses@hotmail.com>
    >One thing to keep in mind when using VNC is that even though the inital
    >authentication may be secure, anything you type while controlling the
    >computer is sent in plain text. So, if you were to connect to a windows
    >machine, for example, then login to or unlock the screen on that machine ,
    >that password you type is sent across the network in the clear.
    >Or, you type in your password to check your e-mail on that computer; again,
    >your password is sent in the clear.
    >
    >I've always recommended tunneling the whole VNC session through some type
    >of encryption method. (I prefer VPNs)

    Actually, I don't think even the initial authentication is secure, you
    should definitely use some sort of encryption (ssh or vpn or both)
    Personally I'd say ssh is fine when you're connecting from one interior
    computer to another, but if you're going to connect from home or something
    I'd say tacking a vpn on top would be a good idea.

    Chris Berry
    compjma@hotmail.com
    Systems Administrator
    JM Associates

    "Linux and I have a love/hate relationship. I hate its complexity until I
    figure out how something works, then I love its power."

    _________________________________________________________________
    Help STOP SPAM with the new MSN 8 and get 2 months FREE*
    http://join.msn.com/?page=features/junkmail

    Relevant Pages

    • RE: Remote access solution
      ... I had started to type up what I thought VNC does on login; ... >authentication may be secure, anything you type while controlling the ... I'd say tacking a vpn on top would be a good idea. ...
      (Security-Basics)
    • RE: 2 factor authentication through vpn ?
      ... I am not fond of checkpoint's VPN though. ... RSA is a good product. ... But most two factor authentication ... but they now wish to evolve into using a secure means of accessing ...
      (Security-Basics)
    • Re: PC Anywhere connections
      ... PCA is not very secure. ... VPN and VNC otherwise you will be a honeypot. ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: Remote access solution
      ... One thing to keep in mind when using VNC is that even though the inital ... authentication may be secure, anything you type while controlling the ... >secure who can access the host. ... MSN 8 helps eliminate e-mail viruses. ...
      (Security-Basics)
    • Re: second authentication with asas and radius
      ... Institute a process whereby if a users laptop is stolen or lost, force the user to change their password. ... Most people who steal a laptop are not going to try to access your network via a VPN, and the odds that they also have the user's login id and password are very slim. ... RSA tokens aren't that much more secure in this case, because they are often kept with the laptop. ... of authentication, such as a challenge/response type question or similar that might change every couple months to ensure that no one is getting in that shouldn't be... ...
      (comp.dcom.sys.cisco)