jnw "at" realvnc.com
Wed Aug 17 14:17:01 2005
> Alternatively it's possible to configure VNC to only accept
> from localhost. This requires a VPN to be set up between the
> remote and
> local machines. That can use any type of encryption your IT
> guys think
> is required. Even if the blackhats sniff the network traffic it won't
> get them in. As a former IT guy I prefer this approach.
You would configure VNC to accept connections only from localhost if you
were tunnelling via something like SSH, not when accessing systems via a
A VPN will typically appear to the two computers as a distinct network
interface, through which the other computer is accessible. This is
*precisely* the sort of configuration that Mike *deosn't* want, since it
means that the two computers are effectively then exposed to each other
directly, and viruses can easily propagate using security loop-holes such as
those often found in Windows File Sharing.
Wez @ RealVNC Ltd.