I need a solution to this problem fast.. Please help guys

Barbara Stanislawski barbara "at" sohocomputerservices.biz
Tue Sep 28 17:38:00 2004 

While "stupid" is a judgment I certainly am not
pointing a finger at anyone. Have done my share.
Because I was not personally involved in the original
exchange it was clear that there was information
driving the opinion. What you have listed here is much
more helpful.  Thank you for clearing this up!

-----Original Message-----
From: vnc-list-admin "at" realvnc.com
[mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Jvrn
Nettingsmeier
Sent: Tuesday, September 28, 2004 11:16 AM
To: barbara "at" sohocomputerservices.biz
Cc: vnc-list "at" realvnc.com; kahhaleh "at" gmail.com
Subject: Re: I need a solution to this problem fast..
Please help guys

hi guys!

Barbara Stanislawski wrote:
> With all due respect could you be more specific than
> "stupid". Seriously, I am new to much of this...are
you
> saying stupid because of a possible security issue?

sorry, it seems my choice of words was rather poor, and
the original 
poster also seemed to have taken personal offense, as
he explained in 
private mail. my apologies.

well, what i should have said is:

when a very restrictive firewall is in place, it
usually reflects a 
conscious security decision. when you tunnel, you are
circumventing it.

which means that you are possibly reducing the security
of the site.
you should talk to the admin before you tunnel and make
sure you don't 
open up holes.

my main points of criticism for the proposed setup:

* it is obvious that the admin does not want anything
other than http 
traffic, which implies "web", not "any funky protocol
you can shove 
through it".

* vnc is not suitable for use in public networks, since
it is not 
encrypted. even if you personally don't care about your
server, your 
network neighbours care when it gets hacked. hence my
suggestion to 
tunnel through ssh if any.

* tunnels can be misconfigured, to allow traffic in
both directions. 
that means if a tunneling user screws up, the site
security is toast.
so do it in cooperation with your admin, or don't do it
at all.


again, sorry if i have offended you. maybe you can
excuse that if i tell 
you i have been patching windows systems against the
latest gdi security 
fuckup for 13 hours straight....


best regards,

jvrn






-- 
Jvrn Nettingsmeier, EDV-Administrator
Institut f|r Politikwissenschaft
Universitdt Duisburg-Essen, Standort Duisburg
Mail: pol-admin "at" uni-duisburg.de, Telefon: 0203/379-2736
_______________________________________________
VNC-List mailing list
VNC-List "at" realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list