...down below

Scott Sipe wrote:

On Oct 2, 2008, at 10:10 PM, Soren wrote:

In your shoes, I would not bet my dimes on VNC alone. If a security breach happens because of VNC (it does from time to time, and VNC scans/exploits are automatic!), your client might become 'slightly upset'.

But, hey, it's your nuts ;)

I'd go GTA and VPN, and under no circumstances use VNC without VPN in *any* production environment (great for home use, though). By tunneling VNC in an encrypted VPN, you should be pretty safe.

Sorry to say this, but there's no easy way around a minor PITA if you also want high security. These tend to stick close together ;)

Setting up a test system at your client's office, and running a few vulnerability scanners against it before the final implementation, may be useful in keeping things tight and crispy.

HTH.

Could you expand on any of this?

Please, express a little clearer which part of the above you want me to elaborate on, and I'll attempt to do so.

I've had VNC ports open for years and no security issues.

Yeah, alright, well...

I do use UltraVNC and encryption plugins, along with password authenticated domain login. What kind of security breach are you foreseeing?

Heh-he... not exactly far from what I suggested, is it? ;)

I am not foreseeing anything at all. But I do my share of reading log files, I 
can assure you. Doing so keeps the beat going ;)

Additionally, with MS RDP, you're fully encrypted and using normal domain login.

FYI, MS RDP is notorious about exploitation. 'nuff said.

I have an IPSEC VPN setup between remote locations and the main office, but for employees on the road who just want to access their desktop, RDP is perfect.

Probably perfectly adequate for serving a specific purpose in the case of your 
employer.

But you forget to mention all the other implications you've taken ;)

Is there more to say, do you disagree?

Scott, easy now.

Please, let me know what parts of 'million dollar company' and 'sensitive 
information' in the original question you didn't understand? ;)
