Well put. I find that even IT ppl who should know better do very dumb things, sometimes. Mind if I keep a copy around for handling knuckleheaded customers that don't see why they should worry about it?
Evan

On Wed, 13 Feb 2002 16:25:54 +1100 "Catelyn Hearne" <[EMAIL PROTECTED]> wrote:

> Yes, I wholeheartedly agree.
>
> However, I have worked with numerous "silly" people who later question
> why their respective machines were broken into and tampered with, and
> eventually turned over to "the dark side". If VNC is to be used, suitable
> passwording is an absolute, alongside the securing of a desktop
> environment. Without these basic security requirements in place, the
> ability for an innocent user's workstation to be used for "dark" purposes
> is made even easier. As we all know, Win95, 98, 98SE, ME etc do not have
> fully securable environments as a standard function within.
>
> Those who do not understand security principles of a desktop environment
> need to be even more vigilant when it comes to what is made available
> through a VNC connectable workstation. Windows 95, 98 & ME etc. are
> extremely vulnerable, as is NT4 and WIN2K, without the necessary security
> patches.
>
> The point of my E-Mail was to make people aware of how easy it is to open
> yourself to problems, and in many cases without knowing that they have
> done so. Cable Internet is the prime issue here in Australia. It is
> basically a large Thinnet / Thicknet LAN environment, and DSL fits in
> here as well. Unless people introduce a firewall of their own, or various
> other means of protection, how many people in this world understand how
> open they are making themselves?? A very small percentage from what I
> have witnessed to date.
>
> I have been in the IT business since 1979 and have seen people creating
> their own security risks. I have also seen people attempt to blame
> whatever tools and Server Services for their specific incidents. The
> point is don't blame a tool for what people may have not known about in
> the first place. VNC is not designed to be a high security remote control
> tool. If it was there would be encryption at various levels, at the very
> minimum.
>
> I like VNC, and have used it for some time. I do not want to see people
> opening themselves to problems of their own making, without being aware
> of what the risks are in the process. An audit trail is OK when you are
> in a semi-controlled environment or better. It would be nice to be able
> to establish user lists within VNC so that an audit trail would become
> more meaningful. However, as long as there is only a single user account
> that people authenticate to within VNC, where the connectivity came from
> is academic and meaningless. It is not who logged in or where. It is how
> and why, and a requirement to assist a VNC Manager in closing the
> potential loophole that may have presented itself.
>
> Don't stop using VNC!! Use it more because it is an excellent product.
> Just beware of the risks that are produced when the utilization of such a
> product is upheld. Secure your platforms (HPUX, SCO, Linux, Win32 etc).
> VNC is a portal to a particular desktop. Make it difficult for a cracker
> to penetrate a workstation, not easy.
>
> Rather than closing the barn door after a horse has bolted, close and
> lock it before. This is an excellent policy that all companies should
> uphold. An Audit trail is sometimes good after the fact, when the
> environment permits. The internet does not allow for this, even if you
> are the CIA. We are human and we regularly screw up. But it is so easy to
> protect yourself as well, when you know how.
>
> Sincere regards......
>
> -----Original Message-----
> From: Paul Gleave <[EMAIL PROTECTED]>
> To: Catelyn Hearne <[EMAIL PROTECTED]>
> Date: Sat, 9 Feb 2002 09:47:02 +0000
> Subject: Re[2]: Who Is Connected
>
> > Surely this negates the whole point of running VNC?
> >
> > On 09 February 2002 you wrote:
> >
> > > My recommendation is that you do not leave such a machine freely
> > > connectable on the Internet, as this IS going to happen again. With a
> > > Win98 workstation,
> > ---------------------------------------------------------------------
> > To unsubscribe, mail [EMAIL PROTECTED] with the line:
> > 'unsubscribe vnc-list' in the message BODY
> > See also: http://www.uk.research.att.com/vnc/intouch.html
> > ---------------------------------------------------------------------
