Is this safe?

**RobinVossen** · 10-02-2007

I have been working on a Project for Quite a while now.
And well I need to know for sure that this is safe..
So well I want your Opinion on this.

A user connects on a HTTPS site and logs in.
There the user gets a JavaBased VNC client and logs in to the system.
I guess that the VNC traffic isnt going through the https Tunnel is it?
I want to secure this..
Does someone know how I can get this:

Client PC:80 --Internet--Server:80
The internet part is Tunneld like this:
---Firewall---SSL---PHP Login Script---JavaClient---SSH---VNC-Trafic---Desktop.
I just need to be darn sure nobody can Sniff or Hijack the VNC.
Since this is going about VERY sensitive information.
Also I have Truecrypt on the server.
So when the user logs in to the Desktop he enters a Password to get to the trueCrypt information. That encryption is going till the end of the server right?
So for example that TrueCrypt encrypts all the information on-the-fly with WhirlPool. Then the Data will be encrypted like this:
TruecryptVolume -- Whirlpool -- SSH -- SSH+SSL -- Local
Right and not like
TruecryptVolume -- Whirlpool -- Whirlpool+SSH -- Whirlpool+SSH+SSL -- Local

So, well is this secure?
And does somebody know how to make SSH with a Java Applet?
So, well the Java Applet has to make a SSH Tunnel to the server (aka, LocalHost) but is the connection till the server connected in SSH then or is the Entire connection with SSH Secured?

oh, well and I use Localy these Programs to keep me secure:
- truecrypt
- selinux
- snort
- clamav (Anti-Windows Firewall)
- Iptables
- Squid
- rkhunter
- chkrootkit
- Users are Chrootjailed
- Strong password Policy

Is that enough or do I have to include somekind of TCP Wrapper?

Well what do you people think about my security?
Does anyone have any good ideas for me?
And well how is that SSH part going?
Cheers,
~ Robin

Edit:
I forgot to ask.
Does someone maybe already have a Java Applet that does zlib(ssh(VNC-Client?))
So one that is a VNC Client that connects over SSH and compresses all Trafic with SSH? (AES-256)

**likwid** · 10-04-2007

Why are you worried about encrypting data that goes from localhost to localhost?

**RobinVossen** · 10-04-2007

Well, I thought it doesnt :P
Well what is it were I drop that down?
Since maybe I wrote it wrong down? Or maybe I made it confusing?

**likwid** · 10-04-2007

I must have misunderstood. Where is the web server in relation to the VNC server?

**RobinVossen** · 10-04-2007

Yea its the same box.
But well the Trafic from the VNC server is VERY sensetive. :/

**likwid** · 10-04-2007

Who is going to be logging in to this service? The VNC I am familiar with only allows one connection to the desktop.

**RobinVossen** · 10-04-2007

Well, its xvnc so its like remote login for each user that wants to on his own Desktop.
And its a openbox.. :/

**likwid** · 10-04-2007

I see, I think it would be pretty difficult for a user to sniff another user's session. If it's like vanilla X, file permissions need to be messed with for a user to view another user's session. It's probably going to take some more research to figure this one out.

**RobinVossen** · 10-04-2007

heh yea I know I am training for CEH.
But well Sniffing webtrafic isnt that hard..
And.. this must be really secure.. So I thought, maybe someone knowns better then me. lets ask

**likwid** · 10-04-2007

What is CEH?

Thread Tools

Display

Is this safe?

Posting Permissions