Phil Thompson wrote:
sure, but you wouldn't use a VPN to access a secure website IYSWIM.
Good analogy. The counter argument would be that I would use VPN to securely access a website which didn't provide secure access, but that gets back to your point: are there secure remote access apps which avoid the need for a VPN?
I think the bit I was getting at is that in many cases (and this is going by my own experience) the VPN+remote access is easier to set up than secure remote access (even if the remote access itself is "secure"). It comes down to your definition of security - VNC asks for a password, is that secure? :-)
With secure access to a web server what you're saying is that you want to make sure that what you send to the website is secured from prying eyes. https does relatively little to check that you are accessing the site you think you are, and nothing to control who accesses the site. With remote access to your desktop I'd suggest that the latter is quite important - you're less likely to be worried that someone could see what you do on your remote connection, than you are about someone else using it themselves.
Therefore, putting the security into the hands of someone who writes VPN software seems safer than putting it into the hands of someone who writes remote access software. This is the Unix way: rather than having a secure remote X connection, you'd run an unsecure X connection over a secure SSH connection - let the X people worry about the X protocol and the SSH people worry about the security. This may be your best option, in fact (I can't remember the start of the thread now to remember what you were trying to achieve!).
Another point about remote access (from my own experience) is that I tend to want more than just one protocol. Through my office VPN I have access to my desktop at several levels; at the X level (ie GUI logon access) via NX, SSH access, FTP access, SMB file share access, HTTP access, etc. Making all of those secure independently is less easy than running them all "normally" over a VPN.
-- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0845 45 89 555 Registered in England (0456 0902) at 13 Clarke Rd, Milton Keynes, MK1 1LG _______________________________________________ Peterboro mailing list [email protected] https://mailman.lug.org.uk/mailman/listinfo/peterboro
