Richard - Your ability not to understand makes VNC in general an untrustworthy product. Controls on a network are not on the user's PC, but on the network, where the user has no ability to touch them. If you have the ability to transfer files and I have no ability to block that transfer EXTERNAL to the machine transferring it, then I will be forced to take out all VNC. That is the problem.
Yes - a user can walk in with a Linux box - and have it taken from them when entering the building. Yes - a user can bring in a diskette - but cannot gain access to the servers. Yes - a lot of vectors to attack an internal system can be made. But planning can block a lot or trap them. One of the simplest is having software tools that allow the network to be configured to block user mistakes. By bundling multiple functions in a single port - without the ability to externally control the use - then the port gets closed, because you could not understand NO FILE TRANSFERS means NO.

Oh do not get me wrong - file transfers are important - I personally would like to see a VNC board created that plugs into a server, offering to that server: video, keyboard, mouse, diskette, CD-ROM and power cycle. So I can have a room full of headless machines all controlled from a private secondary network, so I can power cycle and configure the BIOS and load an OS - without ever touching the box. But the difference here is the type of network... A limited internal private network. And if that network is ever connected to the main LAN... all file transfer functions would be blocked.

I am done with this.

jackb

> > This is meaningless... If I restrict file transfer on my network, this
> > program can be running inside my network - because I have to close the
> > ports to try to prevent any file transfers.
>
> Maybe I didn't make the point quite well enough. What I meant was so long as
> you can disable any enhancement at the client end with a reg key / push button
> - security isn't always compromised. There is a risk with every patch or bit of
> software you load on the computer (be it running Windows, Linux, Mac OS,
> etc).
>
> On UltraVNC there's an option to disable File Transfer..... so..... if users can't
> get at that function to enable it and the UltraVNC server isn't accepting file
> transfer requests - the risk is where?
>
> The best thing about the numerous VNC clients is that you don't *have* to use
> any of them. If you don't want file transfer - don't use Ultra. If you want pure and
> simple VNC stick with Real.
>
> IMO there are more and greater security risks in unpatched Windows systems
> than with VNC. I use Windows 99.9% of the time at work and home - it has
> some good points and some bad ones. No system is perfect, yet if you can
> disable features you don't want - you can reduce risk but never eliminate it.
>
> At work I know that a really smart user could read the reg key with the VNC
> password and crack it. That would mean that many PCs could then be
> compromised, but then I also know that you can bring a Linux boot disk in and
> get complete admin rights on any NT/2000 workstation.
>
> Thus endeth the lecture. :-D
>
> Later,
> Richard
>
> ---------------------------------
> Richard Harris
> Environment IT, NCC
> Ext 4509
> ---------------------------------
>
> "Service, price, quality: pick any two."

_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list