VNC and security issues at a university

[Mick]

On Wednesday 13 December 2006 22:07, Anne Gorham wrote:

> What I am trying to do is enable students to access a Sun Solaris computer
> from either a Linux computer or an XP PC. On that Sun, students store
> instrument analyses, and often want to process this data from their own
> computers or from workstations in the lab.

I assume that the "instrument analyses" are data files?

> What I am concerned with is security. I was going to have the students open
> a secure shell (SSH) window, connect to the Sun, and start a vncserver
> session. Once that is done, launch their viewer and get to work. After they
> are done, they'll close the viewer and then kill the session.

Do they need/have to run a VNC viewer session?  Can't they just donwload the
data files using e.g. ftp, work on these locally at their PC's, or at a
remote college workstation and then upload the modified data back to the
server?

> Do I need to do anything else to safeguard and/or streamline this process?

If you are going to give them shell access I hope that this is on a strictly
locked down server user account with minimal access rights (both in terms of
commands/binaries and in terms of directories).  Unless they *must* run
applications on the server I would shy away from letting anyone loose on it.
By the way, on a Solaris I would recommend running FreeNX
http://freenx.berlios.de/info.php or NoMachine NX
http://www.nomachine.com/products.php which is significantly faster than VNC
and has free clients for Linux & MSWindows.
--
Regards,
Mick

[demime 1.01d removed an attachment of type application/pgp-signature]