Re: WinVNC

From: *Vanguard* (no-email_at_post-reply-in-newsgroup.invalid)
Date: 04/30/04


Date: Thu, 29 Apr 2004 23:47:27 -0500


"Leythos" said in
news:MPG.1afb84242f475f7298a46a@news-server.columbus.rr.com:
> In article <VaCdnfV19amrKgzd4p2dnA@comcast.com>,
> no-email@post-reply-in- newsgroup.invalid says...
>> "Leythos" said in
>> news:MPG.1afb70ca3509f22498a467@news-server.columbus.rr.com:
>>> In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>,
>>> no-email@post-reply-in- newsgroup.invalid says...
>>>> "Leythos" (void@nowhere.com) said in
>>>> news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
>>>>> In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
>>>>> no-email@post-reply-in- newsgroup.invalid says...
>>>>>> But the OP said the potential customers CAN browse web pages. If
>>>>>> they are still using the default port 80 to do so, why wouldn't
>>>>>> the VNC client which was also using port 80 be able to get
>>>>>> through?
>>>>>
>>>>> Most hospitals have an IT policy the prohibits people from
>>>>> installing or running applications which were not installed or
>>>>> authorized by the IT department.
>>>>>
>>>>> Every hospital I've done IT work for would fire/reprimand someone
>>>>> for installing VNC.
>>>>>
>>>>> --
>>>>
>>>> But the user is NOT *installing* it if it runs from a floppy. It
>>>> runs from the floppy. It doesn't install any files onto their
>>>> computer. So the hospitals policy would also have to include
>>>> RUNNING any programs that are not on their okay list.
>>>
>>> In a strict sense, if you didn't find it on the computer then you
>>> installed it in order to use it - inserting a floppy that contains a
>>> executable that was not provided by the IT department, in order to
>>> view content through a hole in the firewall (port 80) for something
>>> other than web sites might well get the person(s) in hot water.
>>>
>>> --
>>
>> Since the VNC client is a client (and not a server), I can't see this
>> being more a security breach than letting them also use a browser.
>> In fact, the VNC viewer looks to be more secure than any browser.
>> From what I've seen of VNC, it is on the VNC server host where the
>> security issues must be addressed, not on the client side (i.e.,
>> Mike needs to protect his hosts running VNC server rather than his
>> hospital clients running VNC clients worrying about what Mike can do
>> to them). But if there is any doubt and you're in a draconian
>> company, especially one recently burned by hackers, viruses, or
>> malcontents (external and internal), then it is best to ask. It is
>> possible, for example, that Mike isn't the nice guy he pretends to
>> be and the VNC viewer program he provides has been modified to do
>> "other tasks" on his customer's computers, so Mike should really
>> tell his customers to go get the VNC viewer themselves from a known
>> and respected web site.
>
> Looks like we're on the same page here.
>
>
> --

Yeah. I like the phrase "we're in vehement agreement". Sneakernet is
one way viruses manage to circumvent a protected network as are hosts
with modems making dial-up connections. I remember our test lab having
its own router, anti-virus, and firewall appliances to protect us from
our own fellow employees on our corporate network. Not even IT folks
got into our computer room without one of us monitoring their activity,
and it was rare they ever needed or even wanted to go in there.

-- 
____________________________________________________________
*** Post replies to newsgroup.  Share with others.
*** Email: domain = ".com" and append "=news=" to Subject.
____________________________________________________________