Re: VNC Security

From: Andy Bruce - softwareAB (andy_at_softwareab.net)
Date: 04/26/05

  • Next message: Conlan Adams: "RE: VNC Security"
    Date: Tue, 26 Apr 2005 14:53:43 -0400
    To: Conlan Adams <conlan@midwesteyebanks.org>
    
    

    Beat that horse...

    ---CUT---
    Scenario C is assuming the following points.
    1. A single remote user with a software firewall, who doesn't belong to
    a larger corporation, a one person organization. You're supporting them
    as a contractor.

    At your location, setup a SSH server available on the internet with
    password logins disabled and keys for various users who need your
    support. On their machine a PuTTY configuration (or similar client)
    with all the port forwards setup and the connection details configured.
    Have the client connect initiate the putty connection (as simple as a
    double click) which forwards the port for VNC to the SSH server on a
    predestined port. Connect to this port and take over their machine.
    Total user work required, double clicking on a PuTTY connection.
    ---CUT---

    A. the user doesn't have putty installed. Someone (meaning me) has to talk them thru it. ("now type -L 5900:localhost:5900, oh wait, not the number one, but the letter L ah heck...")

    B. much of the time, the user can't spell "port forwarding", much less do it. Hence in many situations they are connected to internet directly and we just tell them to have windows firewall allow VNC server port access.

    C. If the user can get this setup without too much assistance, they can setup their own SSH daemon and let me come in under RDO or VNC or whatever. So the conversation is moot.

    Andy

    >
    >


  • Next message: Conlan Adams: "RE: VNC Security"

    Relevant Pages

    • Re: Inbound Port 23 TCP/IP loss question
      ... Such a setup makes it impossible to route a specific port to more than 1 PC. ... Cable modem goes to router. ... I am aware of the ability to assign different TCP/IP port traffic to specific computers using fixed addressing if wanted. ... But in this case, for initial setup and configuration purposes, there is, no software firewall setup on either box. ...
      (comp.os.os2.misc)
    • Re: A question about a basic security setup...
      ... > I have been thinking about a setup for my basic ADSL network at home that ... > before I go through motions of setting up the network. ... > I am running a web server on port 80. ... > machine for all port 80 requests. ...
      (Security-Basics)
    • Re: cannot connect to /remote externally
      ... Les Connor [SBS MVP] ... account to a static IP account, or use another port for the server. ... > does not work for the Default Website setup in IIS. ...
      (microsoft.public.windows.server.sbs)
    • Re: cannot connect to /remote externally
      ... account to a static IP account, or use another port for the server. ... Les Connor [SBS MVP] ... does not work for the Default Website setup in IIS. ...
      (microsoft.public.windows.server.sbs)
    • Re: PIX 501 QUESTIONS...what am I doing wrong here?
      ... I figured it out based on a cisco forum reply on dslreports.com. ... you set up PAT and port forwarding in this way.... ... if it is setup on 1 IP using ... > 1) Just get ICMP working. ...
      (comp.security.firewalls)