> I'm attempting to convince my IT dept. that I need VNC to run on the >Macs in my labs. Basically, VNC allows me and my staff to assist our >clients remotely, which is a huge blessing because our labs are spread all >over campus, so we're not always physically in position to help our clients >in-person, but we can use (and have been using) VNC to do so. The rub is >this: one side of campus (the university side) is pretty open when it comes >to internet traffic. Therefore, we had no problem installing ChromiVNC on >those machines. The other side of campus (hospital/clinic) is much more >strict in terms of outside connectivity (and rightly so!). So we're looking >for the right argument and ammunition to convince them that it's secure. >I've been looking for solutions (SSH?) to help me in my justification. >Anybody have any ideas here?
If you can use SSH, I suggest setting up a proxy box on the 'edge' of the network and prohibiting traffic ingress from anywhere but this machine. That way you can worry about securing one box instead of many, perhaps by requiring a login via SSH to open a tunnel towards the inside of the network. Of course this works best if you have only a few users who will actually need to access VNC from outside, and they are reasonably competent (if it's you and your staff, that's fairly likely). But for security you want that anyway. For maximum reliability, I suggest using Adrian Umpleby's add-on to ChromiVNC, known as vncPatches68k. It replaces the vncPatches supplied with ChromiVNC and fixes several problems which can cause session freezes, which would otherwise require physical presence at the machine to resolve. -- -------------------------------------------------------------- from: Jonathan "Chromatix" Morton mail: [EMAIL PROTECTED] (not for attachments) website: http://www.chromatix.uklinux.net/vnc/ geekcode: GCS$/E dpu(!) s:- a21 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r++ y+(*) tagline: The key to knowledge is not to rely on people to teach you it. --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
