Not sure where I read/found this, but I remember hearing that people were
tunnelling VNC over SSH. You'll prolly take a small performance hit, but
the added security is worth it IMHO. You probably can find more info by
searching on Google or Deja for "VNC and ssh".
--
Aaron Turner [EMAIL PROTECTED] 650.237.0300 x252
Security Engineer Vicinity Corp.
Cell: 408-314-9874 http://www.vicinity.com
On Wed, 13 Sep 2000, Chris Trudeau wrote:
>
> B e very careful, while feature wise VNC is much like PCAnywhere or other "remote
> control" packages. As far as I know in the latest releases, there is NO facility
> for using encrypted traffic and authentication for connecting to the daemon is in
> clear text.
>
> Sitting on a network collecting traffic information between your clients and the
> firewall would make breaking into your network trivial at best.
>
> However, VNC is really cool! It is considerably smaller than the other packages out
> there, and (here comes the really cool part) allows you to view and remotely manage
> your windows desktop from a unix platform.
>
> Use it within trusted domains.. Hopefully if they AT&T labs in the UK actually
> releases another version of it, they can tune some small performance issues and
> possibly offer a layer of encryption.
>
> Chris
>
> Gopinath Pulyankote wrote:
>
> > Topic is not directly related to FW-1, hence please forgive.
> > Hello,
> >
> > Some of our users wants to use VNCviewer from the Internet to connect to
> > their desktops via FW-1 WITHOUT using SecuRemote (The desktops are on a
> > subnet that's not part of our encryption domain due to some historical
> > reasons! :) ) . Wanted to know your views on this product. How safe is it?
> > Any reports of security vulnerability, can the packets be sniffed to get the
> > initial login password or the data itself?
> > For those not familiar, its almost like PC-Anywhere or other thin clients,
> > which enables control of a remote desktop or Unix server.
> > TIA
> > Gopinath
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
