> Consider the following scenario:
>
> A tech support worker, behind a corporate firewall, accesses a user's PC
> which is behind another corporate firewall. These firewalls are pretty
> tight, and the only way the tech support worker has access to the user's
> machine is through a single, dedicated VNC port or tunnel set up
> semi-automatically via scripts running on the bastion hosts.
If you're going to only have one protocol available through a firewall, you
should make it SSH, not VNC. VNC is not only too special-purpose to be the
single protoccol available, it's also not any more secure than telnet, for
example and should therefore be tunnelled over SSH wherever possible.
Cheers,
James "Wez" Weatherall
--
"The path to enlightenment is /usr/bin/enlightenment"
Laboratory for Communications Engineering, Cambridge - Tel : 766513
AT&T Labs Cambridge, UK - Tel : 343000
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
