WinVNC

Archived from groups: comp.security.firewalls (More info?)

We would like a solution for demonstrating our application to customers over
the internet. I was thinking we could setup a WinVNC server in our office
and then send the WinVNC client to the customer so that they could connect
to our computer and we could walk them through the program over the phone.

Our customers are hospitals. Do you think there will be a problem with
customers inside hospital networks connecting to us using the WinNVC client?
They are able to browse web pages so their port 80 is open, so could we set
the VNC client to use port 80?
20 answers Last reply
More about winvnc
  1. Archived from groups: comp.security.firewalls (More info?)

    In article <Xn8kc.20955$7a5.2982@bignews6.bellsouth.net>,
    mikeotown@nospam.msn.com says...
    > We would like a solution for demonstrating our application to customers over
    > the internet. I was thinking we could setup a WinVNC server in our office
    > and then send the WinVNC client to the customer so that they could connect
    > to our computer and we could walk them through the program over the phone.
    >
    > Our customers are hospitals. Do you think there will be a problem with
    > customers inside hospital networks connecting to us using the WinNVC client?
    > They are able to browse web pages so their port 80 is open, so could we set
    > the VNC client to use port 80?

    Since most places have rules to block that type of thing, and since most
    places don't let users install apps, you are going to have to do
    something that does not require a rule in the firewall or installation
    of software.

    Try the following:

    1) Power Point Demo
    2) PDF Multi-media demo
    3) Combination of PPT and AVI's
    4) If your product is web enabled, and what product isn't today, just
    open a demo site for them.
    5) Visit them with the demo on a laptop and take a projector


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  2. Archived from groups: comp.security.firewalls (More info?)

    We have PowerPoints and a web site but we'd like for us and the client to be
    able to look at the same thing at the same time to walk them through the
    product without traveling to the client site because of travel costs.

    GoToMyPC.com and other companies do it through a web browser so why can't
    we? If we could do it through a web browser then any client should be able
    to do it.

    "Leythos" <void@nowhere.com> wrote in message
    news:MPG.1afaec7e6b25255198a462@news-server.columbus.rr.com...
    > In article <Xn8kc.20955$7a5.2982@bignews6.bellsouth.net>,
    > mikeotown@nospam.msn.com says...
    > > We would like a solution for demonstrating our application to customers
    over
    > > the internet. I was thinking we could setup a WinVNC server in our
    office
    > > and then send the WinVNC client to the customer so that they could
    connect
    > > to our computer and we could walk them through the program over the
    phone.
    > >
    > > Our customers are hospitals. Do you think there will be a problem with
    > > customers inside hospital networks connecting to us using the WinNVC
    client?
    > > They are able to browse web pages so their port 80 is open, so could we
    set
    > > the VNC client to use port 80?
    >
    > Since most places have rules to block that type of thing, and since most
    > places don't let users install apps, you are going to have to do
    > something that does not require a rule in the firewall or installation
    > of software.
    >
    > Try the following:
    >
    > 1) Power Point Demo
    > 2) PDF Multi-media demo
    > 3) Combination of PPT and AVI's
    > 4) If your product is web enabled, and what product isn't today, just
    > open a demo site for them.
    > 5) Visit them with the demo on a laptop and take a projector
    >
    >
    >
    > --
    > --
    > spamfree999@rrohio.com
    > (Remove 999 to reply to me)
  3. Archived from groups: comp.security.firewalls (More info?)

    "Leythos" (void@nowhere.com) said in
    news:MPG.1afaec7e6b25255198a462@news-server.columbus.rr.com:
    > In article <Xn8kc.20955$7a5.2982@bignews6.bellsouth.net>,
    > mikeotown@nospam.msn.com says...
    >> We would like a solution for demonstrating our application to
    >> customers over the internet. I was thinking we could setup a WinVNC
    >> server in our office and then send the WinVNC client to the customer
    >> so that they could connect to our computer and we could walk them
    >> through the program over the phone.
    >>
    >> Our customers are hospitals. Do you think there will be a problem
    >> with customers inside hospital networks connecting to us using the
    >> WinNVC client? They are able to browse web pages so their port 80 is
    >> open, so could we set the VNC client to use port 80?
    >
    > Since most places have rules to block that type of thing,

    But the OP said the potential customers CAN browse web pages. If they
    are still using the default port 80 to do so, why wouldn't the VNC
    client which was also using port 80 be able to get through? I suppose
    it is possible the firewall checks for HTTP headers for datastreams
    using port 80, but wouldn't using the VNC in-built web server circumvent
    that check (see http://www.realvnc.com/faq.html#firewall)? I'm assuming
    the customer just uses their web browser to connect to the VNC web
    server. Or does that merely present a web page to download a Java
    applet to the customer where they then locally run the applet (which
    would make the real VNC server connection but without using HTTP)?

    > and since
    > most places don't let users install apps, you are going to have to do
    > something that does not require a rule in the firewall or installation
    > of software.

    "The Windows viewer, for example, is about 150K in size and can be run
    directly from a floppy" (http://www.realvnc.com/why.html). So nothing
    would have to be installed on the potential customers computer. That
    quote was from RealVNC.com which is now where you get WinVNC (see
    http://www.uk.research.att.com/vnc). Also, if the in-built web server
    for VNC is used, it looks to download a Java applet for the VNC viewer
    on the client's host. This isn't an install but does require that Java
    is enabled in the browser and that a JVM has been installed (as either
    part of the browser or separately).

    So which is better, WinVNC (www.realvnc.com) or TightVNC
    (www.tightvnc.com) which is derived from WinVNC?

    While OpenSSH is recommended (by realvnc.com) for security, that's just
    for the connection to protect the content of the communications.
    OpenSSH is a Unix solution. Anyone know of a good, free, easy to use
    and easy to setup client-side Windows alternative to OpenSSH? I use
    SpamPal for spam filtering, it doesn't do SSL connections, but it
    mentions STunnel (www.stunnel.org). Is STunnel any good and will it
    work with WinVNC (or TightVNC)? While OpenSSH protects the content of
    the VNC communications, it still doesn't address protecting the VNC
    server host and regulating the password divulged to unregulated or
    uncontrolled customers.

    Since you are letting outside unregulated clients (not employees) get
    into the host running the VNC server, wouldn't this be a security
    threat? After all, you're divulging the password to use the VNC client
    to users that could redistribute that password. Seems like you would
    need to take into account some security measures on your VNC server
    host, like moving it to a DMZ zone on your router, or having the
    customer call when about to connect to give them a password you create
    on-the-fly and which you delete or change after the session. Of course,
    you could just run the VNC server as an application and unload it after
    the session, or run it as a service and stop it after the session.

    > Try the following:
    >
    > 1) Power Point Demo

    Never seen these as impressive when trying to promote a product without
    an included speaker to guide the presentation.

    > 2) PDF Multi-media demo
    > 3) Combination of PPT and AVI's

    Some products are so complex and highly configurable to the user's needs
    that a demo just won't cut it. It may present a scenario for
    demonstration that is nothing like the customer's needs or environment.
    But then trying to teach them remotely doesn't work as well, either.
    Yeah, showing them how to use a sub-$1000 product, like Word, is doable,
    but not when it is a vertical market product that starts out costing
    $50K (but then sitting on your fanny and hoping the potential customer
    logs in when you are ready is not the way to sell such products).

    > 4) If your product is web enabled, and what product isn't today, just
    > open a demo site for them.

    Doesn't provide the interaction with the seller that Mike wants.

    > 5) Visit them with the demo on a laptop and take a projector

    Best if it is a high-dollar product or a volume contract representing
    lots of money. Cost counterproductive if it is a cheap product or
    low-volume sale. If it is worth the time and money to send a rep to
    present the product, it probably won't be just a demo but instead a full
    blown install of the real product on the laptop. If the product
    requires network connectivity, especially outside connectivity, you had
    better also contact their network admin to get prepped on how to get
    your product to work in their environment. Having your product get
    crippled during its presentation because it won't run in their
    environment is about as effective a presentation as wetting your pants
    (and, although the OP was geared toward hospitals, the "product" is
    probably not adult diapers).
  4. Archived from groups: comp.security.firewalls (More info?)

    "Mike" <mikeotown@nospam.msn.com> wrote in message
    news:Xn8kc.20955$7a5.2982@bignews6.bellsouth.net...
    > We would like a solution for demonstrating our application to customers
    over
    > the internet. I was thinking we could setup a WinVNC server in our office
    > and then send the WinVNC client to the customer so that they could connect
    > to our computer and we could walk them through the program over the phone.
    >
    > Our customers are hospitals. Do you think there will be a problem with
    > customers inside hospital networks connecting to us using the WinNVC
    client?
    > They are able to browse web pages so their port 80 is open, so could we
    set
    > the VNC client to use port 80?
    >
    >

    Well possibly, but they might go though a proxy, so then, no. VNC also has a
    web interface though using java. But I think you may encounter similar
    problems.
  5. Archived from groups: comp.security.firewalls (More info?)

    So the VNC client won't work through a proxy server? Does anyone have
    recommendations for the best way to do remote demos?

    "Spacen Jasset" <spacenjasset@yahoo.co.uk> wrote in message
    news:c6r65o$6i9$1@newsg2.svr.pol.co.uk...
    >
    > "Mike" <mikeotown@nospam.msn.com> wrote in message
    > news:Xn8kc.20955$7a5.2982@bignews6.bellsouth.net...
    > > We would like a solution for demonstrating our application to customers
    > over
    > > the internet. I was thinking we could setup a WinVNC server in our
    office
    > > and then send the WinVNC client to the customer so that they could
    connect
    > > to our computer and we could walk them through the program over the
    phone.
    > >
    > > Our customers are hospitals. Do you think there will be a problem with
    > > customers inside hospital networks connecting to us using the WinNVC
    > client?
    > > They are able to browse web pages so their port 80 is open, so could we
    > set
    > > the VNC client to use port 80?
    > >
    > >
    >
    > Well possibly, but they might go though a proxy, so then, no. VNC also has
    a
    > web interface though using java. But I think you may encounter similar
    > problems.
    >
    >
  6. Archived from groups: comp.security.firewalls (More info?)

    In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>, no-email@post-reply-in-
    newsgroup.invalid says...
    > But the OP said the potential customers CAN browse web pages. If they
    > are still using the default port 80 to do so, why wouldn't the VNC
    > client which was also using port 80 be able to get through?

    Most hospitals have an IT policy the prohibits people from installing or
    running applications which were not installed or authorized by the IT
    department.

    Every hospital I've done IT work for would fire/reprimand someone for
    installing VNC.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  7. Archived from groups: comp.security.firewalls (More info?)

    "Leythos" (void@nowhere.com) said in
    news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
    > In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
    > no-email@post-reply-in- newsgroup.invalid says...
    >> But the OP said the potential customers CAN browse web pages. If
    >> they are still using the default port 80 to do so, why wouldn't the
    >> VNC client which was also using port 80 be able to get through?
    >
    > Most hospitals have an IT policy the prohibits people from installing
    > or running applications which were not installed or authorized by the
    > IT department.
    >
    > Every hospital I've done IT work for would fire/reprimand someone for
    > installing VNC.
    >
    > --

    But the user is NOT *installing* it if it runs from a floppy. It runs
    from the floppy. It doesn't install any files onto their computer. So
    the hospitals policy would also have to include RUNNING any programs
    that are not on their okay list.

    --
    ____________________________________________________________
    *** Post replies to newsgroup. Share with others.
    *** Email: domain = ".com" and append "=news=" to Subject.
    ____________________________________________________________
  8. Archived from groups: comp.security.firewalls (More info?)

    "*Vanguard*" <no-email@post-reply-in-newsgroup.invalid> wrote in message
    news:KeGdnT-mv-Sg0wzdRVn-hA@comcast.com...
    .....
    > But the OP said the potential customers CAN browse web pages. If they
    > are still using the default port 80 to do so, why wouldn't the VNC
    > client which was also using port 80 be able to get through? I suppose
    ....

    They can but...
    .....
    > server. Or does that merely present a web page to download a Java
    > applet to the customer where they then locally run the applet (which
    > would make the real VNC server connection but without using HTTP)?

    You are exactly right. JavaVNC then connects on port 5900 as normal to the
    VNC server (through the browser). You can't really stream data through a
    http connection, well not in a sensible way ( but see htthost.com if you
    happen to be interested in this ).

    Basically you want an any port out rule ( well you need 5900 anyway ) -
    quite a few companies operate a policy like this, but then again quite a few
    have become draconian and only allow outgoing connections through a proxy.
    I.e. nothing in or out through the firewall.
  9. Archived from groups: comp.security.firewalls (More info?)

    In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>, no-email@post-reply-in-
    newsgroup.invalid says...
    > "Leythos" (void@nowhere.com) said in
    > news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
    > > In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
    > > no-email@post-reply-in- newsgroup.invalid says...
    > >> But the OP said the potential customers CAN browse web pages. If
    > >> they are still using the default port 80 to do so, why wouldn't the
    > >> VNC client which was also using port 80 be able to get through?
    > >
    > > Most hospitals have an IT policy the prohibits people from installing
    > > or running applications which were not installed or authorized by the
    > > IT department.
    > >
    > > Every hospital I've done IT work for would fire/reprimand someone for
    > > installing VNC.
    > >
    > > --
    >
    > But the user is NOT *installing* it if it runs from a floppy. It runs
    > from the floppy. It doesn't install any files onto their computer. So
    > the hospitals policy would also have to include RUNNING any programs
    > that are not on their okay list.

    In a strict sense, if you didn't find it on the computer then you
    installed it in order to use it - inserting a floppy that contains a
    executable that was not provided by the IT department, in order to view
    content through a hole in the firewall (port 80) for something other
    than web sites might well get the person(s) in hot water.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  10. Archived from groups: comp.security.firewalls (More info?)

    "Leythos" said in
    news:MPG.1afb70ca3509f22498a467@news-server.columbus.rr.com:
    > In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>,
    > no-email@post-reply-in- newsgroup.invalid says...
    >> "Leythos" (void@nowhere.com) said in
    >> news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
    >>> In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
    >>> no-email@post-reply-in- newsgroup.invalid says...
    >>>> But the OP said the potential customers CAN browse web pages. If
    >>>> they are still using the default port 80 to do so, why wouldn't the
    >>>> VNC client which was also using port 80 be able to get through?
    >>>
    >>> Most hospitals have an IT policy the prohibits people from
    >>> installing or running applications which were not installed or
    >>> authorized by the IT department.
    >>>
    >>> Every hospital I've done IT work for would fire/reprimand someone
    >>> for installing VNC.
    >>>
    >>> --
    >>
    >> But the user is NOT *installing* it if it runs from a floppy. It
    >> runs from the floppy. It doesn't install any files onto their
    >> computer. So the hospitals policy would also have to include
    >> RUNNING any programs that are not on their okay list.
    >
    > In a strict sense, if you didn't find it on the computer then you
    > installed it in order to use it - inserting a floppy that contains a
    > executable that was not provided by the IT department, in order to
    > view content through a hole in the firewall (port 80) for something
    > other than web sites might well get the person(s) in hot water.
    >
    > --

    Since the VNC client is a client (and not a server), I can't see this
    being more a security breach than letting them also use a browser. In
    fact, the VNC viewer looks to be more secure than any browser. From
    what I've seen of VNC, it is on the VNC server host where the security
    issues must be addressed, not on the client side (i.e., Mike needs to
    protect his hosts running VNC server rather than his hospital clients
    running VNC clients worrying about what Mike can do to them). But if
    there is any doubt and you're in a draconian company, especially one
    recently burned by hackers, viruses, or malcontents (external and
    internal), then it is best to ask. It is possible, for example, that
    Mike isn't the nice guy he pretends to be and the VNC viewer program he
    provides has been modified to do "other tasks" on his customer's
    computers, so Mike should really tell his customers to go get the VNC
    viewer themselves from a known and respected web site.

    --
    ____________________________________________________________
    *** Post replies to newsgroup. Share with others.
    *** Email: domain = ".com" and append "=news=" to Subject.
    ____________________________________________________________
  11. Archived from groups: comp.security.firewalls (More info?)

    In article <VaCdnfV19amrKgzd4p2dnA@comcast.com>, no-email@post-reply-in-
    newsgroup.invalid says...
    > "Leythos" said in
    > news:MPG.1afb70ca3509f22498a467@news-server.columbus.rr.com:
    > > In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>,
    > > no-email@post-reply-in- newsgroup.invalid says...
    > >> "Leythos" (void@nowhere.com) said in
    > >> news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
    > >>> In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
    > >>> no-email@post-reply-in- newsgroup.invalid says...
    > >>>> But the OP said the potential customers CAN browse web pages. If
    > >>>> they are still using the default port 80 to do so, why wouldn't the
    > >>>> VNC client which was also using port 80 be able to get through?
    > >>>
    > >>> Most hospitals have an IT policy the prohibits people from
    > >>> installing or running applications which were not installed or
    > >>> authorized by the IT department.
    > >>>
    > >>> Every hospital I've done IT work for would fire/reprimand someone
    > >>> for installing VNC.
    > >>>
    > >>> --
    > >>
    > >> But the user is NOT *installing* it if it runs from a floppy. It
    > >> runs from the floppy. It doesn't install any files onto their
    > >> computer. So the hospitals policy would also have to include
    > >> RUNNING any programs that are not on their okay list.
    > >
    > > In a strict sense, if you didn't find it on the computer then you
    > > installed it in order to use it - inserting a floppy that contains a
    > > executable that was not provided by the IT department, in order to
    > > view content through a hole in the firewall (port 80) for something
    > > other than web sites might well get the person(s) in hot water.
    > >
    > > --
    >
    > Since the VNC client is a client (and not a server), I can't see this
    > being more a security breach than letting them also use a browser. In
    > fact, the VNC viewer looks to be more secure than any browser. From
    > what I've seen of VNC, it is on the VNC server host where the security
    > issues must be addressed, not on the client side (i.e., Mike needs to
    > protect his hosts running VNC server rather than his hospital clients
    > running VNC clients worrying about what Mike can do to them). But if
    > there is any doubt and you're in a draconian company, especially one
    > recently burned by hackers, viruses, or malcontents (external and
    > internal), then it is best to ask. It is possible, for example, that
    > Mike isn't the nice guy he pretends to be and the VNC viewer program he
    > provides has been modified to do "other tasks" on his customer's
    > computers, so Mike should really tell his customers to go get the VNC
    > viewer themselves from a known and respected web site.

    Looks like we're on the same page here.


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  12. Archived from groups: comp.security.firewalls (More info?)

    "Leythos" said in
    news:MPG.1afb84242f475f7298a46a@news-server.columbus.rr.com:
    > In article <VaCdnfV19amrKgzd4p2dnA@comcast.com>,
    > no-email@post-reply-in- newsgroup.invalid says...
    >> "Leythos" said in
    >> news:MPG.1afb70ca3509f22498a467@news-server.columbus.rr.com:
    >>> In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>,
    >>> no-email@post-reply-in- newsgroup.invalid says...
    >>>> "Leythos" (void@nowhere.com) said in
    >>>> news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
    >>>>> In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
    >>>>> no-email@post-reply-in- newsgroup.invalid says...
    >>>>>> But the OP said the potential customers CAN browse web pages. If
    >>>>>> they are still using the default port 80 to do so, why wouldn't
    >>>>>> the VNC client which was also using port 80 be able to get
    >>>>>> through?
    >>>>>
    >>>>> Most hospitals have an IT policy the prohibits people from
    >>>>> installing or running applications which were not installed or
    >>>>> authorized by the IT department.
    >>>>>
    >>>>> Every hospital I've done IT work for would fire/reprimand someone
    >>>>> for installing VNC.
    >>>>>
    >>>>> --
    >>>>
    >>>> But the user is NOT *installing* it if it runs from a floppy. It
    >>>> runs from the floppy. It doesn't install any files onto their
    >>>> computer. So the hospitals policy would also have to include
    >>>> RUNNING any programs that are not on their okay list.
    >>>
    >>> In a strict sense, if you didn't find it on the computer then you
    >>> installed it in order to use it - inserting a floppy that contains a
    >>> executable that was not provided by the IT department, in order to
    >>> view content through a hole in the firewall (port 80) for something
    >>> other than web sites might well get the person(s) in hot water.
    >>>
    >>> --
    >>
    >> Since the VNC client is a client (and not a server), I can't see this
    >> being more a security breach than letting them also use a browser.
    >> In fact, the VNC viewer looks to be more secure than any browser.
    >> From what I've seen of VNC, it is on the VNC server host where the
    >> security issues must be addressed, not on the client side (i.e.,
    >> Mike needs to protect his hosts running VNC server rather than his
    >> hospital clients running VNC clients worrying about what Mike can do
    >> to them). But if there is any doubt and you're in a draconian
    >> company, especially one recently burned by hackers, viruses, or
    >> malcontents (external and internal), then it is best to ask. It is
    >> possible, for example, that Mike isn't the nice guy he pretends to
    >> be and the VNC viewer program he provides has been modified to do
    >> "other tasks" on his customer's computers, so Mike should really
    >> tell his customers to go get the VNC viewer themselves from a known
    >> and respected web site.
    >
    > Looks like we're on the same page here.
    >
    >
    > --

    Yeah. I like the phrase "we're in vehement agreement". Sneakernet is
    one way viruses manage to circumvent a protected network as are hosts
    with modems making dial-up connections. I remember our test lab having
    its own router, anti-virus, and firewall appliances to protect us from
    our own fellow employees on our corporate network. Not even IT folks
    got into our computer room without one of us monitoring their activity,
    and it was rare they ever needed or even wanted to go in there.

    --
    ____________________________________________________________
    *** Post replies to newsgroup. Share with others.
    *** Email: domain = ".com" and append "=news=" to Subject.
    ____________________________________________________________
  13. Archived from groups: comp.security.firewalls (More info?)

    About a year ago I did a demonstration usin ThightVNC from the company
    office in Scandinavia to a customer in Bogota, Colombia. The demo was held
    in the offices of a major international company. Due to the security policy
    of both the home office and the international company, the only way we could
    make it work was to use outside ISPs. We could have made it if the security
    policies had allowed for a VPN to be set up to my demo-computer, but that
    was not possible. We tried every trick in the book, but in the end it was
    the use of non-company lines that saved us.

    So, look at the possibility to have a VPN set up from the customer site into
    the place where the application you want to demonstrate is located. If you
    can do that, you can use VNC. (I take it you have already spoken to the
    internal computer department about smashing holes in your FW to get in
    directly. They normally do not like that.)

    John Morten
  14. Archived from groups: comp.security.firewalls (More info?)

    Taking a moment's reflection, Mike mused:
    |
    | We would like a solution for demonstrating our application to customers
    | over the internet. I was thinking we could setup a WinVNC server in our
    | office and then send the WinVNC client to the customer so that they could
    | connect to our computer and we could walk them through the program over
    | the phone.

    We use VNC (check into UltraVNC) all the time to demo products and for
    remote support. Most networks can connect out without restriction (unless
    they are tightly controlled). So, discuss this with your contact at the
    hospital. They will need to be able to connect out to port 5900 (TCP) with
    the VNC Viewer, or 8080 (HTTP) with a web browser.
  15. Archived from groups: comp.security.firewalls (More info?)

    Taking a moment's reflection, Leythos mused:
    |
    | Most hospitals have an IT policy the prohibits people from installing or
    | running applications which were not installed or authorized by the IT
    | department.
    |
    | Every hospital I've done IT work for would fire/reprimand someone for
    | installing VNC.

    I would think it should be assumed that, once the OP notifies his
    contact within the organization about how he would like to present his
    product, the contact would then make the necessary arrangements with the IT
    department.
  16. Archived from groups: comp.security.firewalls (More info?)

    "mhicaoidh" said in news:kOykc.4749$kh4.275287@attbi_s52:
    >
    > I would think it should be assumed that, once the OP notifies his
    > contact within the organization about how he would like to present his
    > product, the contact would then make the necessary arrangements with
    > the IT department.

    Since the potential customer doesn't know the intricacies of your
    product even if you try to describe a list of requirements, it is best
    to have them give you a contact in their company's IT department, or,
    more polite is to ask them to have their IT department call you (within
    an agreed time frame) so they don't feel pushed by outsiders. I
    wouldn't rely on a potential customer (not in the IT department) knowing
    how to properly communicate your needs to their IT folks on how to
    demonstrate your product in their environment. You'll lose requirements
    and scheduling in the translation. You ask the department manager to
    ask the IT manager to ask a sysadmin to call you (and that's a short
    chain). But you asking the department manager to ask the IT manager to
    schedule time for their sysadmin to work with the department manager to
    prepare for an unknown presentation based on some list of requirements
    and then you showing up on the appointment day and expecting all the
    preparations to be complete and correct is not going to work.

    --
    ____________________________________________________________
    *** Post replies to newsgroup. Share with others.
    *** Email: domain = ".com" and append "=news=" to Subject.
    ____________________________________________________________
  17. Archived from groups: comp.security.firewalls (More info?)

    In article <GqWdnQ2LX--SXQ_dRVn-uw@comcast.com>, no-email@post-reply-in-
    newsgroup.invalid says...
    > "mhicaoidh" said in news:kOykc.4749$kh4.275287@attbi_s52:
    > >
    > > I would think it should be assumed that, once the OP notifies his
    > > contact within the organization about how he would like to present his
    > > product, the contact would then make the necessary arrangements with
    > > the IT department.
    >
    > Since the potential customer doesn't know the intricacies of your
    > product even if you try to describe a list of requirements, it is best
    > to have them give you a contact in their company's IT department, or,
    > more polite is to ask them to have their IT department call you (within
    > an agreed time frame) so they don't feel pushed by outsiders. I
    > wouldn't rely on a potential customer (not in the IT department) knowing
    > how to properly communicate your needs to their IT folks on how to
    > demonstrate your product in their environment. You'll lose requirements
    > and scheduling in the translation. You ask the department manager to
    > ask the IT manager to ask a sysadmin to call you (and that's a short
    > chain). But you asking the department manager to ask the IT manager to
    > schedule time for their sysadmin to work with the department manager to
    > prepare for an unknown presentation based on some list of requirements
    > and then you showing up on the appointment day and expecting all the
    > preparations to be complete and correct is not going to work.

    The above approach works great if the company in question doesn't mind
    the users inside the network being able to VNC outbound, but in most
    cases, outbound VNC just leads to employees connecting to their home
    computers and goofing off on company time. Any company that permits
    unrestricted outbound access has not taken the proper steps to keep from
    spreading virus's and such, and doesn't really have much of a security
    mind-set anyway. I suspect, due to HIPPA compliance, that most hospitals
    restrict anything that is not absolutely needed for daily operation of
    the hospital.

    What you are likely to find is a system in a conference room that
    provides external access in a less restrictive rule-set for such types
    of demonstrations, but, most IT departments won't install a VNC client.
    There are many on-line services that allow users to share their desktops
    through a browser interface, and most IT shops don't have a problem with
    setting something like that up for a conference room.

    To address the real issue here, how to demo a non-web app over the
    internet, you need to find a common method that doesn't require
    modification of most firewall rules, doesn't require custom software
    (unless it's a browser plug-in), and doesn't really violate IT policy.


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  18. Archived from groups: comp.security.firewalls (More info?)

    Taking a moment's reflection, *Vanguard* mused:
    |
    | Since the potential customer doesn't know the intricacies of your
    | product even if you try to describe a list of requirements, it is best
    | to have them give you a contact in their company's IT department, or,
    | more polite is to ask them to have their IT department call you (within
    | an agreed time frame) so they don't feel pushed by outsiders.

    In a more involved case, I would tend to agree. But, here, the issue is
    just allowing VNC in/out so a connection can be made to a vender PC outside
    to demo the product remotely.
  19. Archived from groups: comp.security.firewalls (More info?)

    Hallo Mike, you wrote:

    > We have PowerPoints and a web site but we'd like for us and the client to be
    > able to look at the same thing at the same time to walk them through the
    > product without traveling to the client site because of travel costs.
    >
    > GoToMyPC.com and other companies do it through a web browser so why can't
    > we? If we could do it through a web browser then any client should be able
    > to do it.

    Why not? There is a connection possible to your VNC server using a java
    applet (sending to the client site). It's listening at port 5900 (VNC ==
    5800)

    The Server administrator can change the Port-# to another #, f.e. 80.

    HTH
    Wolfgang
  20. Archived from groups: comp.security.firewalls (More info?)

    "Wolfgang Ewert" <w.ewert2002@gmx.de> wrote in message
    news:3vja8c.gqd.ln@news.wolfgang.ewert.com...
    > Hallo Mike, you wrote:
    >
    > > We have PowerPoints and a web site but we'd like for us and the client
    to be
    > > able to look at the same thing at the same time to walk them through the
    > > product without traveling to the client site because of travel costs.
    > >
    > > GoToMyPC.com and other companies do it through a web browser so why
    can't
    > > we? If we could do it through a web browser then any client should be
    able
    > > to do it.
    >
    > Why not? There is a connection possible to your VNC server using a java
    > applet (sending to the client site). It's listening at port 5900 (VNC ==
    > 5800)
    >
    > The Server administrator can change the Port-# to another #, f.e. 80.
    >
    > HTH
    > Wolfgang

    Hmm yes and no. That doesn't mean that it always works the way gotomypc do
    it though does it? For example. A no out no in firewall. And a proxy that is
    the only means of accessing the web. It's no going to work is it. You can't
    put generic TCP through a http proxy. ( well not without other servers in
    the chain and more client side software )
Ask a new question

Read More

Firewalls Networking