Controlling a remote VNC Server accessing a VPN
Ross Presser
rpresser@Imtek.com
Fri Jun 6 14:53:00 2003
> -----Original Message----- From: Glenn Lovitz
> The real solution is to make sure you can get through port 23 on your
> firewall, run an SSH server on your work desktop and connect with PuTTY

Small nitpick: SSH runs on port 22, not port 23. Port 23 is telnet.

Larger nitpick: Running an SSH server *in the default configuration* is
not secure. To be secure with SSH, you must:
* disable SSH protocol version 1. This protocol has known
vulnerabilities which can allow an attacker to take over your box.
* use public key authentication (see ssh-keygen) and disable password
authentication. This is not a horribly high risk, but if your password
gets out then your network is compromised.

> Some potential caveats for this: willingness of your network admin --
> you ideally should have a fixed private IP address that NATs to a

I cannot emphasize this enough: you don't just need the COOPERATION of
your network admin, YOU NEED HIS PERMISSION. People have been fired
over less. By doing ANYTHING that lets a machine outside the firewall
access stuff on the network, you are opening a potential channel.
Because now if a hacker can take over your box at home, he can get into
the network and trash it. You now have the network admin's job and his
worries too.
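
The two SSH hardening points in the reply above (no protocol version 1, public key instead of password authentication), as an added example that is not part of the original message: a Python check over the global section of an OpenSSH-style sshd_config. The fallback values for absent keywords, the finding names and the sample configs are assumptions constructed for illustration.

```python
# Assumption: an absent keyword falls back to these values (a server that
# still accepts protocol 1 and passwords unless told otherwise).
ASSUMED_DEFAULTS = {
    "protocol": "2,1",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Return the effective value of each keyword in the global section."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out settings have no effect
        parts = line.split(None, 1)  # assumes "Keyword value" with whitespace
        keyword = parts[0].lower()   # keywords are case-insensitive
        if keyword == "match":
            break  # conditional Match blocks are not evaluated by this check
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(keyword, value)  # first value obtained wins
    return {**ASSUMED_DEFAULTS, **seen}

def audit(config_text):
    """Return a list of finding names (hypothetical labels) for weak settings."""
    cfg = effective_settings(config_text)
    findings = []
    if "1" in {v.strip() for v in cfg["protocol"].split(",")}:
        findings.append("protocol-1-enabled")
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("password-auth-enabled")
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("pubkey-auth-disabled")
    return findings

# Constructed samples. UNTOUCHED only has commented-out lines, so the assumed
# defaults apply. SHADOWED sets the keyword twice and the later "no" is ignored.
UNTOUCHED = "Port 22\n#Protocol 2\n#PasswordAuthentication no\n"
HARDENED = "Port 22\nProtocol 2\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
SHADOWED = "Protocol 2\nPasswordAuthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("untouched", UNTOUCHED), ("hardened", HARDENED),
                       ("shadowed", SHADOWED)):
        print(name, audit(text) or "ok")
```

An empty list from `audit` only covers these three keywords in the global section; settings inside Match blocks need a separate look.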