Restricting access

Nick Stock cat2devnull "at" yahoo.com
Wed, 20 Mar 2002 09:44:45 +0000


Hi All,

Long time listener, first time caller. :)

I work for a company that uses Linux on the desktop.
We have one windows system which is located in the
server room and all employees have access to this
system for when they need to do something which cannot
be done under Linux.

VNC is an ideal solution to provide access with one
major drawback. I cannot find any way to easily
restrict the windows box to one connection at a time.
This is important because one of the very few
applications that we run on the windows box is the
payroll software and the boss doesn't want employees
seeing things that they shouldn't.

Now before everyone starts pointing out that there are
hundreds of other ways to compromise the
application...
We have secured the physical server, the payroll
software has an encrypted database and requires a
password to access, the LAN is switched to prevent
packet sniffing (we will ignore MAC overloading),
etc... Multiple sessions via VNC is the only weakness
that doesn't require some serious effort.

The "-noshared" option with "ConnectPriority=2" is
only useful if everyone uses it and there is no
practical way to police a client side requirement.

Any help would be much appreciated.

----
Nick

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------