Tag: firewall

  • x11vnc recompiled to be as widely compatible as possible…

    As I said in the earlier posts, I was essentially looking for a “single click” solution for Linux VNC remote desktop support: a solution that doesn’t require the remote support client to change firewall settings, install software, etc. What I’ve settled on is closer to a single cut and paste solution, which is fairly simple. The next problem I had was compatibility of the x11vnc binary. The first problem was the xfixes library not being a part of Mandrake 10.0, then xdamage, xrender, xrandr – none of those libraries were found… so, I started looking at the compile options for x11vnc (and the optimization, because I wanted a smaller file size).


  • Remote Tech Support using VNC (Ultravnc SC and x11vnc+wrapper script)

    Ok, some time back I’d done a writeup on UltraVNC SC, which is a nice customizable (Windows version) VNC server that essentially lets someone doing remote support build their own downloadable .exe that runs and automatically tries to make a direct connection to a “listening” VNC viewer. It’s good for helpdesk environments as an easy download and run, and I’ve done some trials at using it over the internet with some of my existing computer service customers. Very soon, I’ll be adding a page and information about Remote Tech support services using this same method. I have run into some problems with it though. There are multiple advantages to this approach, though. The main one is NO firewall config for the user needing remote support – all firewall config is done at the “support center” end. Another advantage is that it’s “hardcoded” to connect to a specific given address, and if that fails it gives up and uninstalls itself. The last advantage is that it completely uninstalls after a successful session as well. (Well, technically it never “installs” to begin with.)


  • I’ve NEVER liked UPNP…. now I have another reason….

    I remember the first Windows XP vulnerability was a UPnP vulnerability. I have made one of my first visits on any new XP system a visit to grc.com to disable it on an XP workstation. But, it’s the great thing – makes life so much easier for setting up network devices. “You just don’t like it ’cause it puts you out of business….” It looks like UPnP is a really “malicious hacker friendly” kind of thing, especially when it’s installed and running on a gateway router… let’s say you have a hardware firewall with UPnP. Normally, you plug in an IP camera and maybe the IP camera uses UPnP to open a port so it’s accessible from the outside world. Nice, simple, right? Well… what if you download a “browsing experience enhancement toolbar” that opens up another port on the firewall so you can act as a mail relay?


  • The Vista stories keep coming – Vista bad news for small security companies

    VuNet has an article today on the coming of Vista and the imminent doom of the smaller security companies. The hardest hit will be anti-spyware and personal firewall vendors, they say. It may well be true; it does sound like a different approach to user permissions (limited privileges by default?), IE7 running in a sandbox, i.e. no permission to touch anything else …. which should cut down on the spread of browser exploits turning machines into spyware-infested bots…


  • Network Security – how should an open wireless access point be run beside a safe network?

    So, let’s say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you’re a business?) There are certainly a lot of BAD ways to give open wireless access. As we’ve seen in this series so far, it could be quite easy to hijack all connections in a network using ARP spoofing. If you run business machines on a network, you do NOT by any means want an open access point on the same subnet. Here are some possibilities though…..


  • Windows Wireless vulnerability

    Brian Krebs has a post today on a Windows wireless networking “feature” which can be somewhat of a security risk. You see, it seems that with wireless networking enabled, Windows remembers the last wireless SSID that you connected to, so let’s say you were at a public wireless access point called “Bob’s hotel” and you carry your laptop somewhere else. When the machine boots up, Windows tries to find “Bob’s hotel”, but of course, it’s not available at this other location, so… it assigns a 169.254.x.x IP address and broadcasts looking for “Bob’s hotel”, the most recent wireless LAN.


  • Makers of fake security software settle lawsuit

    The Security Fix has some news today on some bogus security software makers (the wolves in sheep’s clothing, as I tend to think of them…) Anyway, they’re settling deceptive trade practice charges that were brought by the FTC. SpywareAssassin and Spykiller were facing a civil suit over their ads, which invariably found infestations on a user’s PC and offered to clean it up for ~$30 or so.


  • Network Security guide for the home or small business network – intermission…

    At this point I’ve exhausted all the topics on network and computer security that I was eager to cover. As things change/ideas strike I may well add to this series. One direction I see it going is talking in detail about several network utilities and more advanced topics like looking into web site ownership, email header analysis, good topical books, etc.


  • Network Security guide for the home or small business network – Part 19 – What about when you’re not on your home network?

    When you’re not at your home network is probably one of those times you should be more on your guard. Wireless access points are very common and a greatly useful thing, but there are some steps you should take to protect yourself, your PC and the data stored there. First, it’s worth having a personal firewall for just this type of situation. You obviously can’t make use of a second hardware firewall when hooking up to a wireless LAN. (Although I would think that a small “wireless bridge” adapter of a wireless device to a wired Ethernet port MIGHT be able to serve that function. It depends on how it’s implemented.)


  • OpenVPN series

    After the Hamachi article I wanted to do a series on OpenVPN. I’ve used it before, but not since the 1.x days…. it’s now at version 2.0.5 and has quite a bit more flexibility. When I first used it, it was pretty much a point-to-point VPN solution. You could set up routing to see the rest of the network and for the network to see the VPN client, but only one client could connect to one server. What this meant is that multiple tap or tun devices were needed on the server, one for each remote VPN client. Also, multiple openvpn processes and multiple openvpn ports.

    From my understanding this setup wasn’t necessary under the 2.x series.
