embedding secure tunneling (zebedee) in vnc

David Brodbeck DavidB "at" mail.interclean.com
Thu, 16 Aug 2001 19:34:26 +0000


Point (2) is not true. VNC can be configured to only accept connections from
the loopback address, if desired.  (3) is true, but has mitigating factors.
If you use a tunneling protocol that uses authentication, such as ssh, you
have a record of who opened the forwarded ports.  You can also do security
based on host identity with SSH; it even has a public/private key system to
make sure the host is who it claims to be.

-----Original Message-----
From: Dave Dyer [mailto:ddyer "at" bigfoot.com]
Sent: Thursday, August 16, 2001 1:17 PM
To: vnc-list "at" uk.research.att.com
Subject: embedding secure tunneling (zebedee) in vnc


Tunneling works with VNC, but isn't a really satisfactory
solution for several reasons.

 (1) it's a pain to set up initially,
 
 (2) even if used properly, the insecure VNC port is still open.

 (3) using a tunnel server opens another point of attack on the host 
 machine: for example, ZeBeDee's default server mode opens redirection 
 of all ports.  If misconfigured in this way, any incoming request can
 appear to be from the local host; and in any case, security measures 
 based on host identity are useless.
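
Added example (not part of either message): a check for the loopback-only configuration mentioned in the reply, which is what keeps the VNC port unreachable from the network when a tunnel is in use. It assumes Linux `ss -ltn` style output and the conventional VNC port range 5900-5999; the sample input is constructed and the function names are hypothetical.

```python
import ipaddress

# Assumption: VNC displays :0-:99 listen on TCP 5900-5999 (conventional RFB ports).
VNC_PORTS = range(5900, 6000)

# Constructed sample in the layout of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 5    127.0.0.1:5901    0.0.0.0:*
LISTEN 0 5    0.0.0.0:5902      0.0.0.0:*
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 5    [::1]:5903        [::]:*
LISTEN 0 5    *:5904            *:*
LISTEN 0 5    192.0.2.10:5905   0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, bracketed IPv6, or '*') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def is_loopback(addr):
    """True only for loopback addresses; wildcards and parse failures count as exposed."""
    if addr in ("*", ""):
        return False
    try:
        # Drop an interface suffix such as '%lo' before parsing.
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False

def audit_vnc_listeners(ss_output):
    """Return (loopback_only, exposed) lists of local endpoints on VNC ports."""
    loopback_only, exposed = [], []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        local = fields[3]
        addr, port = split_endpoint(local)
        if port not in VNC_PORTS:
            continue
        (loopback_only if is_loopback(addr) else exposed).append(local)
    return loopback_only, exposed

if __name__ == "__main__":
    ok, bad = audit_vnc_listeners(SAMPLE_SS_OUTPUT)
    print("loopback only:", ok)
    print("reachable from the network:", bad)
```

Any endpoint in the second list means the VNC port is still open to the network regardless of the tunnel.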