[Nottingham] Re: Exposing our internal network

[Peter Siepmann]

First, thanks to everyone for all their very helpful pointers on this 
topic.  Second - hello! - I'm helping Mike with his small IT revolution 
and just joined the LUG at his suggestion!

I think, as it will only ever be me or Mike using SSH, that not using 
passwords at all, rather keys, sounds like a very good plan.

As for HTTP, all but a simple database query script will be 
password-protected, so, with an up-to-date Centos distribution, we 
should be safe.

I wondered if you have any advice on another related point.  It would be 
very useful indeed for me & Mike to be able to do as much maintenance 
and problem solving as possible (including that of the Windows clients) 
remotely as getting into the office is not always terribly convenient. 
In particular, the ability to throw up any of the client's desktops on 
our screen would be invaluable.  I have installed RealVNC server 
(resticted to the internal network only) on most of the client machines, 
and the server also runs the vncserver service.  I've used my home 
machine to test this out and have found that a) using a program such as 
RealVNC viewer is not safe at all - the password is sent unencrypted and 
b) using X11 forwarding through SSH is /much/ slower, as it actually 
renders the application itself, rather than just a JPEG representation 
of the display.  Any suggestions gratefully received!

Peter

-- 
Peter Siepmann
Nottingham, UK
http://www.petersiepmann.net

This message has been checked for viruses but the contents of an attachment
may still contain software viruses, which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.