True. And the next best thing is to pull most of the cables, virtually speaking, by tunnelling. That way you only have one "cable" connected to the internet. The difficulty of cracking a passphrase makes a successful breach all but impossible.
> "Vince" <[EMAIL PROTECTED]> > 02/25/2004 02:02 AM > > There is only one way to have a secure computer: disconnect all network > cables. > > ViNCe > > > -----Oorspronkelijk bericht----- > > Let me echo Jack with a bit of emphasis. Look, some of you > > are publishing the IP addresses of your routers, the make and version > > of your routers, WHICH PORTS YOU ARE OPENING and the ip > > addresses and operating systems of the machines behind your > > routers. This is a public mailing list that anybody can subscribe to. > > Your routers should be serving as FIREWALLS and many of you > > are degrading them to be simple routers and then letting the world > > know where to send their probes. > > Please look into VPN and SSH. Use VNC exclusively through one of > > these. > > Also, educate yourselves on intrusion detection. Turn up the logging > > verbosity on your routers and check them regularly. You may well be > > surprised to see what is going on "down there" > > http://www.google.de/search?q=monitor+access+attempts+tcp%2Fip+firewall+intr > > usion+detection+windows&ie=UTF-8&oe=UTF-8&hl=de&btnG=Google+Suche&meta= > > > If you can... look at firewalls (free software based firewal > > > http://ipcop.org) over hardware accessport by linksys or netgear... > > > you can limit what IPs are allowed access to red:5900 . This is > > > still not the a good solution, because you are using a known vector > > > to your equipment. > > > What is better is to a tunnel... VPN or SSH (again avialable in IPCop > > > for example). With these you will NOT be going to erd port 5900. > > > You will be setting up a "extention" to your network. So your remote > > > will be functioning more akin to a local machine. Now VNC will be > > > connecting to server. But the traffic will be flowing though the > > > routers. PS all encrypted. > > > Some net resources... > > > Jack Beglinger > > > Project Lead IPCop > > Best regards, > > Carlyle > > Technical Information Security Officer Carlyle -- Diese E-Mail enthdlt vertrauliche und/oder rechtlich gesch|tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrt|mlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
