In that case, as long as your router does not forward connections from the Internet that are VNC related, then there is no need to set up AuthHosts, as any such attempted connections from the Internet will be blocked by your router.
This is the configuration I have set up at the network I administer. If I need access to any of the 20 VNC servers at the office I first have to connect to our network through an encrypted PPTP connection to the VPN server and then I have to use the corresponding password to the VNC server I'm connecting to, so I actually have two levels of security. External connections to the network I look after are heavily authenticated and logged. I actually locked myself out once and had to make the 8.5 mile trip to the office to finish off what I was doing at the time, and unlock the account used for the VPN connection.

I can't really go into any more details on the automated security mechanics I have put in place.

At the end of the day, how paranoid are you and how valuable is the network's health to you? Balance the two out.

At 11:52 21/03/2004, Jerome R. Westrick wrote:
>I assume that there is no snooping within the network....
>
>my reasoning goes as follows:
>In the networks I set up, the "physical" security is comparatively lax
>(i.e. it's quite easy to break into the offices).
>
>So I felt it was not worth the effort to secure in the internal network
>when anyone can walk up to the server and build the disk out!
>
>For me, anybody with physical access to the office does not need to be
>protected against active attacks. (Like snooping, burning CD's with
>sensitive data, walking out with physical disks).
>
>
>Accidental (errors like "format c:", are another matter)...
>
>Jerry
>
>
>On Sun, 2004-03-21 at 12:00, [EMAIL PROTECTED] wrote:
>> If your router is not configured to forward connections into your LAN, or is
>> configured to block the necessary ports then there is no need to set AuthHosts, but
>> there is no harm in doing so. As to setting up SSH on your LAN, is there a risk
>> that a user on your LAN will conduct a bit of hacking?
>>
>> At 05:14 21/03/2004, Gary Fritz wrote:
>> >I just installed VNC on several systems and, remarkably, it
>> >worked quite well with almost no twiddling.
>> >
>> >I changed the AuthHosts value to permit only hosts on my local
>> >LAN to connect. (I.e. set it to "-:+192.168".) I assume this
>> >will prevent ALL connections from any outside hosts.
>> >
>> >Question: All hosts on the LAN are behind a router. In this
>> >case, is it necessary to go through the pain of setting up SSH?
>> >Or can I safely assume that all traffic between server & clients
>> >will stay behind the router, so there's no way an unfriendly
>> >could snoop them?
>> >
>> >Gary

_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
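
The AuthHosts value quoted in the thread ("-:+192.168"), worked through as an added example that is not part of the original messages and is not RealVNC's code. It assumes WinVNC 3.3-style semantics: terms separated by ":", each a "+" (accept) or "-" (reject) followed by a template compared with the leading characters of the dotted address, later terms overriding earlier ones. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def auth_hosts_accepts(pattern, peer_ip, default=True):
    """Evaluate an AuthHosts-style pattern under the assumed rules."""
    accepted = default                      # assumed: no matching term means accept
    for term in pattern.split(":"):
        if not term or term[0] not in ("+", "-"):
            continue                        # '?' (query) terms are ignored in this sketch
        if peer_ip.startswith(term[1:]):    # template is a plain string prefix
            accepted = term[0] == "+"       # later terms override earlier ones
    return accepted

def overmatched(pattern, intended_cidr, peers):
    """Peers the pattern accepts although they lie outside the intended network."""
    net = ipaddress.ip_network(intended_cidr)
    return [p for p in peers
            if auth_hosts_accepts(pattern, p) and ipaddress.ip_address(p) not in net]

# Constructed sample peers (not from the thread).
PEERS = ["192.168.1.20", "192.16.5.9", "192.169.0.4",
         "10.1.2.3", "10.12.0.7", "203.0.113.8"]

if __name__ == "__main__":
    # The thread's pattern, then a short template with and without a trailing dot.
    for pattern, cidr in [("-:+192.168", "192.168.0.0/16"),
                          ("-:+10.1", "10.1.0.0/16"),
                          ("-:+10.1.", "10.1.0.0/16")]:
        print(pattern, "intended", cidr, "over-matches", overmatched(pattern, cidr, PEERS))
```

Under these assumptions the filter only decides which source addresses may connect; whether traffic can be read on the LAN is the separate question the thread discusses.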
