[Nottingham] Re: Exposing our internal network
peter at petersiepmann.net
Fri Dec 2 13:59:42 GMT 2005
First, thanks to everyone for all their very helpful pointers on this
topic. Second - hello! - I'm helping Mike with his small IT revolution
and just joined the LUG at his suggestion!
I think, as it will only ever be me or Mike using SSH, that not using
passwords at all, rather keys, sounds like a very good plan.
As for HTTP, all but a simple database query script will be
password-protected, so, with an up-to-date Centos distribution, we
should be safe.
I wondered if you have any advice on another related point. It would be
very useful indeed for me & Mike to be able to do as much maintenance
and problem solving as possible (including that of the Windows clients)
remotely as getting into the office is not always terribly convenient.
In particular, the ability to throw up any of the client's desktops on
our screen would be invaluable. I have installed RealVNC server
(resticted to the internal network only) on most of the client machines,
and the server also runs the vncserver service. I've used my home
machine to test this out and have found that a) using a program such as
RealVNC viewer is not safe at all - the password is sent unencrypted and
b) using X11 forwarding through SSH is /much/ slower, as it actually
renders the application itself, rather than just a JPEG representation
of the display. Any suggestions gratefully received!
This message has been checked for viruses but the contents of an attachment
may still contain software viruses, which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
More information about the Nottingham