Date: Wed, 11 Sep 2002 22:10:08 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Rob B <rbyrnes@ozemail.com.au> Cc: erk! <tapeworm@insekta.org>, freebsd-questions@FreeBSD.ORG Subject: Re: tridiavnc security info? Message-ID: <20020912031008.GB13261@dan.emsphone.com> In-Reply-To: <5.1.0.14.2.20020912123436.03b4dec0@pop.ozemail.com.au> References: <20020911090529.C7198@seekingfire.com> <20020911090529.C7198@seekingfire.com> <5.1.0.14.2.20020912123436.03b4dec0@pop.ozemail.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Sep 12), Rob B said: > At 08:55 11/09/2002 -0700, erk! sent this up the stick: > > i'm curious, however, if anyone knows of specific security issues > > to watch for/protect against when doing this. i'm not so worried > > about whether or not the windows box gets compromised, but i'd like > > to keep my freebsd box, which is my main desktop, protected as much > > as possible. i'm not familiar at all with the method that tridia > > uses to connect remotely, so any info here would be appreciated. > > AFAIK, all passwords used to connect to VNC are in the clear, so I > tunnel my VNC client through an ssh session. No, authentication is via a challenge-response method. Question 55 in the VNC faq http://www.uk.research.att.com/vnc/faq.html#q55 . The rest of the stream is unencrypted though, so an ssh tunnel is still a good idea. -- Dan Nelson dnelson@allantgroup.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020912031008.GB13261>