embedding secure tunneling (zebedee) in vnc

Glenn Mabbutt gmabbutt "at" quartetservice.com
Thu, 16 Aug 2001 22:32:35 +0000


All good points.  Also note the post of Neil Winton a few days ago re: the
combined Java version of Zebedee and the VNC Viewer - secure tunnelling with
VNC is getting easier.  There was also mention some time earlier about
someone who put a package together of SSH for Win32 (runs as a service on
NT/2000).  As an aside, I didn't find Zebedee a "pain" to set up at all -
worked out of the box for me on win32.

Glenn

-----Original Message-----
From: David Brodbeck [mailto:DavidB "at" mail.interclean.com]
Sent: Thursday, August 16, 2001 2:28 PM
To: 'vnc-list "at" uk.research.att.com'
Subject: RE: embedding secure tunneling (zebedee) in vnc


Point (2) is not true. VNC can be configured to only accept connections from
the loopback address, if desired.  (3) is true, but has mitigating factors.
If you use a tunneling protocol that uses authentication, such as ssh, you
have a record of who opened the forwarded ports.  You can also do security
based on host identity with SSH; it even has a public/private key system to
make sure the host is who it claims to be.

-----Original Message-----
From: Dave Dyer [mailto:ddyer "at" bigfoot.com]
Sent: Thursday, August 16, 2001 1:17 PM
To: vnc-list "at" uk.research.att.com
Subject: embedding secure tunneling (zebedee) in vnc


Tunneling works with VNC, but isn't a really satisfactory
solution for several reasons.

 (1) it's a pain to set up initially,
 
 (2) even if used properly, the insecure VNC port is still open.

 (3) using a tunnel server opens another point of attack on the host 
 machine: for example, ZeBeDee's default server mode opens redirection 
 of all ports.  If misconfigured in this way, any incoming request can
 appear to be from the local host; and in any case, security measures 
 based on host identity are useless.
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
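A way to check point (2) from the thread on a given host, as an added example that is not part of any message above: it reads `netstat -an` style output and reports VNC listeners bound to anything other than a loopback address. The function names, the 5900-5999 port range (the usual display-number convention) and the sample output are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: VNC displays :0-:99 listen on TCP 5900-5999 (usual convention).
VNC_PORTS = range(5900, 6000)

# Constructed sample in "netstat -an" style (Windows and Linux layouts mixed);
# not captured from a real host.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5901           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:5902        0.0.0.0:0              LISTENING
  TCP    [::1]:5903             [::]:0                 LISTENING
  TCP    192.0.2.10:5900        198.51.100.7:40112     ESTABLISHED
tcp        0      0 :::5904                 :::*                    LISTEN
"""

# Matches listening TCP sockets only; group 1 is the local endpoint.
LISTEN_RE = re.compile(
    r"^\s*tcp\S*\s+(?:\d+\s+\d+\s+)?(\S+)\s+\S+\s+LISTEN(?:ING)?\s*$", re.I
)


def is_loopback(host):
    """True only for addresses inside 127.0.0.0/8 or ::1."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # "*" or an unparsable name: treat as exposed to stay conservative.
        return False


def exposed_vnc_listeners(netstat_text):
    """Return (address, port) for VNC listeners not bound to loopback."""
    exposed = []
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue
        host, _, port = match.group(1).rpartition(":")
        host = host.strip("[]")
        if int(port) in VNC_PORTS and not is_loopback(host):
            exposed.append((host, int(port)))
    return exposed


if __name__ == "__main__":
    for address, port in exposed_vnc_listeners(SAMPLE_NETSTAT):
        print(f"VNC port {port} reachable without the tunnel via {address}")
```

An empty result means every VNC listener in the output is bound to loopback, so remote viewers can only reach it through the tunnel endpoint.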