Eric,
I hope for you your brother gets his head out of the sand and
get back into the "real life"
OR... just pass his a copy of "hacking exposed".
I think that will definately open his eyes about using firewalls
and using VNC as a remote control system over the Internet
(or intranet) without any encryption.
I think there are enough real life examples which you can turn
up from the Internet that can show you're vulnerable to things
on and from the web without any protection what so ever.
I won't start about blindly trusting an "expert" subject.
Regards,
Brenno
> -----Original Message-----
> From: Eric Johnson [SMTP:[EMAIL PROTECTED]]
> Sent: woensdag 9 mei 2001 7:36
> To: [EMAIL PROTECTED]; Noonan, Wesley
> Subject: RE: VNC vs PPTP
>
> On 8 May 2001, at 23:05, Noonan, Wesley wrote:
>
> > I just ran a simple test because your question got me curious. Running
> VNC I
> > was able to capture and view every password that went across the wire in
> > plain text, right there in my netmon capture. Windows logon, VNC
> connection
> > establishment, all of them. Using PPTP I must decrypt the data first.
> >
> > If your outside network "expert" thinks PPTP is extraordinarily
> insecure,
> > ask him what he thinks plain text is... It might be time for a better
> > "expert" ;-)
>
> I wish.
>
> The big problem is that my boss is also an older brother of mine. I
> think he refuses to pay attention to my advice because of that.
>
> By the way, until recently that "network expert" apparently claimed
> that firewalls are unnecessary! He even claimed that using access
> control lists on the border router made the network less secure.
>
> Eric Johnson
> --------------------
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
