Re: IPCop vs Smoothwall and VNC over SSH

security_at_surefoot.com
Date: 08/22/05

    To: security-basics@securityfocus.com
    Date: Mon, 22 Aug 2005 09:28:42 -0600
    
    

    On Wednesday 17 August 2005 07:50, Douglas Duckworth <DD> wrote:
    > Hello everyone!
    >
    > I am working with a client, who is looking to enable remote access/VPN
    > into the network. The company is rapidly expanding, and my concern is
    > security when considering VNC. I have decided to replace the existing
    > Linksys NAT/Firewall Router with a Linux-based solution, either IPCop,
    > or Smoothwall. I think I will go with IPCop, because I have read the
    > support is better, is this the best solution? Secondly, would VNC
    > over SSH really be the best option for remote access? I have used VNC
    > before, but never over the Internet; I use SSH 2 frequently, and I am
    > aware of its security, however, is this really the best solution?
    >
    > I am referencing:
    > http://martybugs.net/smoothwall/puttyvnc.cgi
    >
    > Which states that, due to forwarding, VNC ports will not be accessible
    > from the Internet, a great relief.
    >
    > Can anyone recommend better third party software which would be cost
    > effective? We are choosing VNC over SSH also because of its open
    > source nature.

    VNC over SSH is viable, I use it pretty often. It has one major advantage: you
    only give access to the ports needed. If the remote machine is infected with
    a virus the chances of infecting the corporate network are greatly reduced if
    you stick with SSH as opposed to, say, PPTP or IPSec.

    On the other hand, if there are plans of having people telecommute you might
    want to consider offering IPSec or PPTP.

    Jens
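
A check for the property the thread relies on, that the VNC port is reachable only through the SSH tunnel and not from the network (an added example, not part of the original messages): it reads `ss -ltn` or `netstat -ltn` output and lists any listener in the VNC range bound to a non-loopback address. The 5900-5999 range (displays :0 to :99), the function names and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print every TCP listener in the VNC range (5900-5999) that is bound to a
# non-loopback address. Reads `ss -ltn` or `netstat -ltn` output on stdin;
# in both layouts field 4 is the local address:port.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" || $6 == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n] + 0
        # Everything before the last colon is the bind address.
        host = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next
        # Loopback binds are reachable only through the SSH tunnel.
        if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
        print $4
    }'
}

# Exit status 0 when no VNC listener on stdin is reachable from the network.
vnc_is_tunnel_only() {
    [ -z "$(exposed_vnc_listeners)" ]
}

# Constructed sample: `ss -ltn` output from a hypothetical host with two
# VNC servers bound to all interfaces (5902 on IPv4, 5904 on IPv6).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      0.0.0.0:5902       0.0.0.0:*
LISTEN 0      5      [::1]:5903         [::]:*
LISTEN 0      5      [::]:5904          [::]:*'

# Constructed sample: `netstat -ltn` output from a host where VNC listens
# on loopback only and SSH is the single network-facing service.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address State
tcp   0      0      0.0.0.0:22     0.0.0.0:*       LISTEN
tcp   0      0      127.0.0.1:5901 0.0.0.0:*       LISTEN'

# Demo run over the constructed ss sample.
printf '%s\n' "$SAMPLE_SS" | exposed_vnc_listeners
```

On a live host the same function is fed with `ss -ltn | exposed_vnc_listeners`; empty output means VNC is bound to loopback only.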

