Peter:
Hello! Thanks for writing. You make some good points I
wanted to comment on:
> > I'm working now on a version that allows for
> > a secure tunnel to be set up that doesn't require touching the
> > firewall settings on either side of the connection.
>
> With all due respect I must admit to being a bit edgy about your
> proposal.

I too felt the same edginess when I first read about
GoToMyPC.com's service: the client is easy to install, it's
closed source, a PC running a client is accessible from any
browser anywhere, it uses a single password for authentication,
and all of the data passes through GoToMyPC.com's servers. Yikes.

Still, for legitimate use, it's a great app (from what
I read in reviews and so forth) and very easy to get working.
That's worth emulating, IMO, although I do intend on improving
upon it with Kaboodle: VPN initiation will require pub-priv
keypair certificates as well as password authentication to help
enhance user validation; in KaboodleProxy, all of the data exchange
will pass through one of *your* servers, not one of mine. Lastly,
the client is, of course, open-source which naturally eliminates
any chances of "backdoors", and promotes the earliest discovery
and repair of security lapses.

Thanks again for writing, though. It's good for me to be
occasionally reminded that every good tool can be put to dual-use...
and that "convenience" can be the opposite of "security".

cheers,
Scott

> My worries go like this:
>
> 1. Setting up a VPN tunnel to remotely bridge/manage a
> LAN is a great tool.
>
> 2. However, the power of tools like this carries serious
> and inescapable security implications.
>
> 3. If you don't have control of the firewalls/routers at
> both ends because you are not the network management,
> do you have the right to place what is effectively a
> stealthed tunnel between the two LANs? In all organizations
> I know this would be considered gross misconduct.
>
> 4. If you do own/manage both LANs, it is not normally
> a big problem to redirect two ports.
>
> 5. The availability of a tool to stealth a VPN between LANs
> would be, to say the least, an additional and difficult to
> detect security hole for network managers.
>
> 6. I would also point out the current Worm using port 445 to
> install VNC on Windows 2000 and later PCs. The use of
> a similar Worm to install Kaboodle with stealthed VPNs
> is not very pleasant to contemplate.