Re: IPCop vs Smoothwall and VNC over SSH

security_at_surefoot.com
Date: 08/22/05

  • Next message: Chandrashekhar Mullaparthi: "Re: Your opinion on Skype"
    To: security-basics@securityfocus.com
    Date: Mon, 22 Aug 2005 09:28:42 -0600
    
    

    On Wednesday 17 August 2005 07:50, Douglas Duckworth <DD> wrote:
    > Hello everyone!
    >
    > I am working with a client, who is looking to enable remote access/VPN
    > into the network. The company is rapidly expanding, and my concern is
    > security when considering VNC. I have decided to replace the existing
    > Linksys NAT/Firewall Router with a linux based solution, either IPCop,
    > or Smoothwall. I think I will go with IPCop, becasue I have read the
    > support is better, is this the best solution? Secondly, would VNC
    > over SSH really be the best option for remote access? I have used VNC
    > before, but never over the Internet; I use SSH 2 frequently, and I am
    > aware of its security, however, is this really the best solution?
    >
    > I am referencing:
    > http://martybugs.net/smoothwall/puttyvnc.cgi
    >
    > Which states that, due to forwarding, VNC ports will not be accessible
    > from the Internet, a great relief.
    >
    > Can anyone recommend better third party software which would be cost
    > effective? We are choosing VNC over SSH also because of its open
    > source nature.

    VNC over SSH is viable, I use it pretty often. It has one major advantage: you
    only give access to the ports needed. If the remote machine is infected with
    a virus the chances of infecting the corporate network are greatly reduced if
    you stick with SSH as opposed to, say, PPTP or IPSec.

    On the other hand, if there are plans of having people telecommute you might
    want to consider offering IPSec or PPTP.

    Jens


  • Next message: Chandrashekhar Mullaparthi: "Re: Your opinion on Skype"