David Rothman wrote:
>
> ----- Original Message -----
> From: "Joseph A. Knapka" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, February 18, 2001 2:49 PM
> Subject: Re: mapping a remote drive
>
> > David Rothman wrote:
> > >
> > > is SSH with win 2000 really a practical solution for the
> > > 'simple' task of file xferring when ftp is an available
> > > option, or am i missing something?
> > >
> >
> > SSH is practical. It's justified if you want security;
> > transferring files via FTP is completely insecure.
>
> insecure how? easy to break into the system the server sits
> on (regardless of whatever security the server software has
> enabled)? easy to intercept files while they r being
> xferred? can u be more specific?
During an FTP session, the password and all data is transferred
in the clear, meaning that anyone with a network sniffer can
get your password or your data easily. Also, there are a
number of root exploits against various FTP servers (I don't
know the details, just that they exist).
> >
> > I thought the desire was to share a SMB network drive
> > across the internet when there are firewalls in the way,
> > in which case you will absolutely need some form of
> > port-forwarding or VPN. The secure port-forwarding
> > solution is SSH. Forgive me if I misunderstood the
> > original question.
>
> in my situation (using win 2000 pro behind netgear rt311
> routers), it's enuf to forward ports (which is what i do for
> VNC). im not quite sure how to setup SSH under windows.
> actually im still confused about the differences between
> VPN, IIS and SSH - but im working on it...
Remember that VNC is also completely insecure. It would be
fairly simple to build an application that would allow you to
view anyone's VNC desktop while they are connected to it,
provided your physical network segment was part of the
route between VNC client and VNC server (though I don't know
of anyone actually doing this). If you are accessing your
desktop from the Internet, it is a very good idea to use some
form of encryption.
http://www.jfitz.com/tips/ssh_for_windows.html has information
about free SSH clients and servers for Windows systems.
VPN == Virtual Private Network. Essentially, VPN software allows
you to establish a secure connection between two secure networks
using the *insecure* Internet as the transport. For example,
I have a private network sitting behind a firewall at home,
and my employer has a private network at its development
facility two timezones away. My firewall and my employer's
firewall establish an encrypted link that acts as a virtual
LAN, allowing data to move from my private net to my
employer's and vice versa (exactly as if they were physically
connected) without being vulnerable to sniffers on the public
networks across which the data must pass.
IIS is just a web server, like Apache. Built and
marketed by our noble pals at Micro$oft.
SSH is essentially just a secure version of Telnet or any
other remote terminal program: it lets you log in to a remote
machine and interact with a command shell.
Unlike Telnet, SSH encrypts all the data it sends. It has the
additional ability to securely transfer selected network
traffic between the client and server machines. It is possible
to build a VPN using SSH tunnels as the transport mechanism,
though it is more common to use purpose-built VPN software
and protocols like PPTP (point-to-point tunnelling protocol)
or IPv6's security extensions.
HTH,
-- Joe Knapka
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
