imposing security on users
mbmiller "at" taxa.epi.umn.edu
Thu Apr 15 04:43:00 2004
On Wed, 14 Apr 2004 listbox_8811 "at" hotmail.com wrote:
> People have been asking for built in encryption for years, and they have
> yet to implement it.
It's probably a really difficult job to program it.
I'll tell you -- every time I say something to nearly anyone about VNC, if
they've heard of it, but aren't expert on it, the first thing they say is,
"VNC is not secure." Having a version with encryption built in would
definitely make VNC much more appealing to a lot of people.
> For Linux/Unix there is even less reason to implement it as virtually
> all those machines have SSHd running already. For Windows it makes more
> sense to have built in encryption.
I can agree that it is even better for Windows, but I think it makes
plenty of sense for Linux. Without it, if I'm at a computer lab and want
to connect to my server, what do I have to do? You know the steps. It's
a few minutes of work, and that is assuming the machine will allow me to
install PuTTY (or whatever).
> I feel the best way of restricting your users from making direct
> connections would be to setup your firewall to not allow connections to
> vnc, and allow from SSH.
> And a good project I have thought about would be a vnc viewer with a SSH
> client built in and transparent - though I would have no way to know how
> to make such a thing.
Yes. We need that, don't we? It must be really difficult to program such
a thing or we'd have it already.
Michael B. Miller, Ph.D.
Division of Epidemiology
and Institute of Human Genetics
University of Minnesota