imposing security on users

Mike Miller mbmiller "at" taxa.epi.umn.edu
Thu Apr 15 04:43:00 2004


On Wed, 14 Apr 2004 listbox_8811 "at" hotmail.com wrote:

> People have been asking for built in encryption for years, and they have
> yet to implement it.

It's probably a really difficult job to program it.

I'll tell you -- every time I say something to nearly anyone about VNC, if
they've heard of it, but aren't expert on it, the first thing they say is,
"VNC is not secure."  Having a version with encryption built in would
definitely make VNC much more appealing to a lot of people.


> For Linux/Unix there is even less reason to implement it as virtually
> all those machines have SSHd running already. For Windows it makes more
> sense to have built in encryption.

I can agree that it is even better for Windows, but I think it makes
plenty of sense for Linux.  Without it, if I'm at a computer lab and want
to connect to my server, what do I have to do?  You know the steps.  It's
a few minutes of work, and that is assuming the machine will allow me to
install PuTTY (or whatever).


> I feel the best way of restricting your users from making direct
> connections would be to setup your firewall to not allow connections to
> vnc, and allow from SSH.
>
> And a good project I have thought about would be a vnc viewer with a SSH
> client built in and transparent - though I would have no way to know how
> to make such a thing.

Yes.  We need that, don't we?  It must be really difficult to program such
a thing or we'd have it already.

Mike

-- 
Michael B. Miller, Ph.D.
Assistant Professor
Division of Epidemiology
and Institute of Human Genetics
University of Minnesota
http://taxa.epi.umn.edu/~mbmiller/