Security behind a router?

Gary Sieker gsieker "at" mail.com
Mon Mar 22 04:25:00 2004


<snip>
>It's possible that at some point I may want to allow one or two 
>outside hosts access to the VNC server.  That would require me to 
>open up the ports on the router, which makes my network more 
>visible than I like but it seems to be a necessary evil.  But 
>even if the ports are open, no one can touch the VNC server 
>unless they're included in the AuthHosts list.  So in theory, 
>even if I opened the router ports, nobody could access my VNC 
>server because my AuthHosts is "-:+192.168".  Right?
>
>Thanks!
>Gary

Well, no, that's not really true.  While AuthHosts can be a deterrent,
it certainly can be defeated rather easily by simply spoofing a previously
allowed address.

If you want to retain any security at all while still allowing external
connections, you should use vpn or some sort of encrypted tunnel.  There are
several free options available, ssl(stunnel), zebedee and ssh to name a few.

-Gary
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm