vnc and security

Jeff Walker jwalker "at" matchlogic.com
Wed, 13 Jun 2001 18:22:15 +0000


Sorry if this has been covered before, but I searched the archives, and
didn't find anything really relevant.

My company is doing a security audit and installing a security policy.  Vnc
isn't going to be allowed, because the traffic isn't encrypted.  I
understand how to fix this, using ssh to do port forwarding to tunnel the
traffic through a secure channel.  That seems to work okay, but the problem
is the speed.  It is pretty much unusable to me.  I have the server on a
OSF1/alpha box that is pretty fast. I have the viewer running on a very fast
Pentium III windows 2000 machine.  The network between the viewer and server
is very fast.  The only ciphers available is idea, 3des, and blowfish.  All
three seem very slow. (and I can't try "none" to see if the encryption
overhead is really the problem)  I have tried various levels of compression,
but it doesn't help.

I have read the info on the vnc site about how to do this, including the
info about getting out of "raw" mode, I use "hextile", as that seems to be
the fastest over non-ssh.

Is there something I'm missing, something I can do to make this anywhere
near the speed of non-ssh?

Thanks.

-- 
Jeff Walker                   MatchLogic, Inc.
jwalker "at" matchlogic.com        7233 Church Ranch Blvd.
Voice 1 (303) 222-2105        Westminster, CO  80021
Fax   1 (303) 222-2001        www.matchlogic.com
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------