Good point about the further login credentials, Wayne. The system is basic and has a hardware firewall router and three XP boxes. They have no other services except WEB and POP3 mail. As long as I do not browse
What I meant about the static IPs was this. I get three static IP addresses assigned, create static routes on the router then connect straight through to the boxes individually just using the static IPs and static NAT. I would of course only allow in the VNC ports. I thought this combined with the user app being loaded and unloaded on request would mean a fairly secure and simple solution. I have never used a VPN and do not know what it is, I may read up on it and learn the functionality before making a decision.
Allowing only my IP address to connect would be good, but it is very easy to spoof a source address as we know. I do not intend to connect to these machines very often, possibly only once or twice a week.
As for using Windows RDP server, I am not a keen fan of using any Windows services if I can help it as I am at the mercy of MS security, as this is the service that is most likely to be used for remote access I thought it would be safer not to use this service, security through obscurity!
I shall look into VPNs....
Wayne Stallwood wrote:
The main issue is that your key presses will be travelling across an untrusted network unencrypted. So if you have to provide further login credentials post logging into VNC then those credentials could be compromised.
"I am setting up their on site firewall to use static real IP addresses from the ISP"
Do you mean you are going to set their firewall to only accept a VNC connection from your address? That's about the only way I'd even start to feel safe running VNC in the wild.
Why are you not using XP's built in RDP server? There are some perfectly good RDP clients for Linux and in my experience it is better over limited bandwidth than VNC.
But personally I would consider setting up a VPN, that's how I support most of my clients...also if there is more than one machine to support at each site then opening separate ports on the gateway for each machine becomes a bit of an admin nightmare.
main@lists.alug.org.uk http://www.alug.org.uk/ http://lists.alug.org.uk/mailman/listinfo/main Unsubscribe? See message headers or the web site above!