Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
I have been working on a Project for Quite a while now. And well I need to know for sure that this is safe.. So well I want your Opinion ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429

    Is this safe?


    I have been working on a Project for Quite a while now.
    And well I need to know for sure that this is safe..
    So well I want your Opinion on this.

    A user connects on a HTTPS site and logs in.
    There the user gets a JavaBased VNC client and logs in to the system.
    I guess that the VNC traffic isnt going through the https Tunnel is it?
    I want to secure this..
    Does someone know how I can get this:

    Client PC:80 --Internet--Server:80
    The internet part is Tunneld like this:
    ---Firewall---SSL---PHP Login Script---JavaClient---SSH---VNC-Trafic---Desktop.
    I just need to be darn sure nobody can Sniff or Hijack the VNC.
    Since this is going about VERY sensitive information.
    Also I have Truecrypt on the server.
    So when the user logs in to the Desktop he enters a Password to get to the trueCrypt information. That encryption is going till the end of the server right?
    So for example that TrueCrypt encrypts all the information on-the-fly with WhirlPool. Then the Data will be encrypted like this:
    TruecryptVolume -- Whirlpool -- SSH -- SSH+SSL -- Local
    Right and not like
    TruecryptVolume -- Whirlpool -- Whirlpool+SSH -- Whirlpool+SSH+SSL -- Local

    So, well is this secure?
    And does somebody know how to make SSH with a Java Applet?
    So, well the Java Applet has to make a SSH Tunnel to the server (aka, LocalHost) but is the connection till the server connected in SSH then or is the Entire connection with SSH Secured?

    oh, well and I use Localy these Programs to keep me secure:
    - truecrypt
    - selinux
    - snort
    - clamav (Anti-Windows Firewall)
    - Iptables
    - Squid
    - rkhunter
    - chkrootkit
    - Users are Chrootjailed
    - Strong password Policy

    Is that enough or do I have to include somekind of TCP Wrapper?

    Well what do you people think about my security?
    Does anyone have any good ideas for me?
    And well how is that SSH part going?
    Cheers,
    ~ Robin

    Edit:
    I forgot to ask.
    Does someone maybe already have a Java Applet that does zlib(ssh(VNC-Client?))
    So one that is a VNC Client that connects over SSH and compresses all Trafic with SSH? (AES-256)
    Last edited by RobinVossen; 10-02-2007 at 10:20 AM. Reason: Forgot something
    New Users, please read this..
    Google first, then ask..

  2. #2
    Linux Enthusiast likwid's Avatar
    Join Date
    Dec 2006
    Location
    MA
    Posts
    649
    Why are you worried about encrypting data that goes from localhost to localhost?

  3. #3
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Well, I thought it doesnt :P
    Well what is it were I drop that down?
    Since maybe I wrote it wrong down? Or maybe I made it confusing?
    New Users, please read this..
    Google first, then ask..

  4. #4
    Linux Enthusiast likwid's Avatar
    Join Date
    Dec 2006
    Location
    MA
    Posts
    649
    I must have misunderstood. Where is the web server in relation to the VNC server?

  5. #5
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Yea its the same box.
    But well the Trafic from the VNC server is VERY sensetive. :/
    New Users, please read this..
    Google first, then ask..

  6. #6
    Linux Enthusiast likwid's Avatar
    Join Date
    Dec 2006
    Location
    MA
    Posts
    649
    Who is going to be logging in to this service? The VNC I am familiar with only allows one connection to the desktop.

  7. #7
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Well, its xvnc so its like remote login for each user that wants to on his own Desktop.
    And its a openbox.. :/
    New Users, please read this..
    Google first, then ask..

  8. #8
    Linux Enthusiast likwid's Avatar
    Join Date
    Dec 2006
    Location
    MA
    Posts
    649
    I see, I think it would be pretty difficult for a user to sniff another user's session. If it's like vanilla X, file permissions need to be messed with for a user to view another user's session. It's probably going to take some more research to figure this one out.

  9. #9
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    heh yea I know I am training for CEH.
    But well Sniffing webtrafic isnt that hard..
    And.. this must be really secure.. So I thought, maybe someone knowns better then me. lets ask
    New Users, please read this..
    Google first, then ask..

  10. #10
    Linux Enthusiast likwid's Avatar
    Join Date
    Dec 2006
    Location
    MA
    Posts
    649
    What is CEH?

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •