Ultra VNC born (again)?
Jack Beglinger
jackb@guppy.us
Thu Dec 12 12:34:00 2002
Richard -
Your ability not to understand makes VNC in general an untrustworthy
product. Controls on a network are not on the user's PC, but the network,
where the user has no ability to touch. If you have the ability to transfer files
and I have no ability to block that transfer EXTERNAL to machine transferring
it, then I will be forced to take out all VNC. That is the problem.
Yes - a user can walk in with Linux box - and have it taken from them when
entering the building.
Yes - a user can bring in a Diskette - but can not gain access to the servers.
Yes - a lot of vectors to attack an internal system can be made. But
planning can block a lot or trap them.
One of the simplest is having software tools that allow network to be
configured to block user mistakes. By bundling multiple functions in a single
port - without the ability to externally control the use - then the port gets
closed, because you could not understand NO FILE TRANSFERS means
NO.
Oh do not get me wrong - file transfers are important - I personally would like
to see a VNC board created that plugs in a server offering to that server: video,
keyboard, mouse, diskette, cd-rom and power cycle. So I can have room full
of headless machines all controlled from a private secondary network, so I
power cycle and configure the bios and load an OS - without ever touching
the box. But the difference here is the type of network... A limited internal
private network. And if that network is ever connected to main lan... all file
transfer functions would be blocked.
I am done with this.
jackb
> > This is meaningless... If I restrict file transfer on my network, this
> > program can be running inside my network - because I have to close the
> > ports to try to prevent any file transfers.
>
> Maybe I didn't make the point quite well enough. What I meant was so long as
> you can disable any enhancement at the client end with a reg key / push button
> - security isn't always compromised. There is a risk with every patch or bit of
> software you load on the computer (be it running Windows, Linux, Mac OS,
> etc).
>
> On UltraVNC there's an option to disable File Transfer..... so..... if users can't
> get at that function to enable it and the UltraVNC server isn't accepting file
> transfer requests - the risk is where?
>
> The best thing about the numerous VNC clients is that you don't *have* to use
> any of them. If you don't want file transfer - don't use Ultra. If you want pure and
> simple VNC stick with Real.
>
> IMO there are more and greater security risks in unpatched Windows systems
> than with VNC. I use Windows 99.9% of the time at work and home - it has
> some good points and some bad ones. No system is perfect, yet if you can
> disable features you don't want - you can reduce risk but never eliminate it.
>
> At work I know that a really smart user could read the reg key with the VNC
> password and crack it. That would mean that many PCs could then be
> compromised, but then I also know that you can bring a linux boot disk in and
> get complete admin rights on any NT/2000 workstation.
>
> Thus endeth the lecture. :-D
>
> Later,
> Richard
>
> ---------------------------------
> Richard Harris
> Environment IT, NCC
> Ext 4509
> ---------------------------------
>
> "Service, price , quality: pick any two."