Sign in with
Sign up | Sign in
Your question

WinVNC

Last response: in Networking
Share
April 29, 2004 2:37:02 PM

Archived from groups: comp.security.firewalls (More info?)

We would like a solution for demonstrating our application to customers over
the internet. I was thinking we could setup a WinVNC server in our office
and then send the WinVNC client to the customer so that they could connect
to our computer and we could walk them through the program over the phone.

Our customers are hospitals. Do you think there will be a problem with
customers inside hospital networks connecting to us using the WinNVC client?
They are able to browse web pages so their port 80 is open, so could we set
the VNC client to use port 80?

More about : winvnc

Anonymous
April 29, 2004 7:35:18 PM

Archived from groups: comp.security.firewalls (More info?)

In article <Xn8kc.20955$7a5.2982@bignews6.bellsouth.net>,
mikeotown@nospam.msn.com says...
> We would like a solution for demonstrating our application to customers over
> the internet. I was thinking we could setup a WinVNC server in our office
> and then send the WinVNC client to the customer so that they could connect
> to our computer and we could walk them through the program over the phone.
>
> Our customers are hospitals. Do you think there will be a problem with
> customers inside hospital networks connecting to us using the WinNVC client?
> They are able to browse web pages so their port 80 is open, so could we set
> the VNC client to use port 80?

Since most places have rules to block that type of thing, and since most
places don't let users install apps, you are going to have to do
something that does not require a rule in the firewall or installation
of software.

Try the following:

1) Power Point Demo
2) PDF Multi-media demo
3) Combination of PPT and AVI's
4) If your product is web enabled, and what product isn't today, just
open a demo site for them.
5) Visit them with the demo on a laptop and take a projector



--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
April 29, 2004 7:35:19 PM

Archived from groups: comp.security.firewalls (More info?)

We have PowerPoints and a web site but we'd like for us and the client to be
able to look at the same thing at the same time to walk them through the
product without traveling to the client site because of travel costs.

GoToMyPC.com and other companies do it through a web browser so why can't
we? If we could do it through a web browser then any client should be able
to do it.

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1afaec7e6b25255198a462@news-server.columbus.rr.com...
> In article <Xn8kc.20955$7a5.2982@bignews6.bellsouth.net>,
> mikeotown@nospam.msn.com says...
> > We would like a solution for demonstrating our application to customers
over
> > the internet. I was thinking we could setup a WinVNC server in our
office
> > and then send the WinVNC client to the customer so that they could
connect
> > to our computer and we could walk them through the program over the
phone.
> >
> > Our customers are hospitals. Do you think there will be a problem with
> > customers inside hospital networks connecting to us using the WinNVC
client?
> > They are able to browse web pages so their port 80 is open, so could we
set
> > the VNC client to use port 80?
>
> Since most places have rules to block that type of thing, and since most
> places don't let users install apps, you are going to have to do
> something that does not require a rule in the firewall or installation
> of software.
>
> Try the following:
>
> 1) Power Point Demo
> 2) PDF Multi-media demo
> 3) Combination of PPT and AVI's
> 4) If your product is web enabled, and what product isn't today, just
> open a demo site for them.
> 5) Visit them with the demo on a laptop and take a projector
>
>
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)
Related resources
Can't find your answer ? Ask !
Anonymous
April 29, 2004 7:35:19 PM

Archived from groups: comp.security.firewalls (More info?)

"Leythos" (void@nowhere.com) said in
news:MPG.1afaec7e6b25255198a462@news-server.columbus.rr.com:
> In article <Xn8kc.20955$7a5.2982@bignews6.bellsouth.net>,
> mikeotown@nospam.msn.com says...
>> We would like a solution for demonstrating our application to
>> customers over the internet. I was thinking we could setup a WinVNC
>> server in our office and then send the WinVNC client to the customer
>> so that they could connect to our computer and we could walk them
>> through the program over the phone.
>>
>> Our customers are hospitals. Do you think there will be a problem
>> with customers inside hospital networks connecting to us using the
>> WinNVC client? They are able to browse web pages so their port 80 is
>> open, so could we set the VNC client to use port 80?
>
> Since most places have rules to block that type of thing,

But the OP said the potential customers CAN browse web pages. If they
are still using the default port 80 to do so, why wouldn't the VNC
client which was also using port 80 be able to get through? I suppose
it is possible the firewall checks for HTTP headers for datastreams
using port 80, but wouldn't using the VNC in-built web server circumvent
that check (see http://www.realvnc.com/faq.html#firewall)? I'm assuming
the customer just uses their web browser to connect to the VNC web
server. Or does that merely present a web page to download a Java
applet to the customer where they then locally run the applet (which
would make the real VNC server connection but without using HTTP)?

> and since
> most places don't let users install apps, you are going to have to do
> something that does not require a rule in the firewall or installation
> of software.

"The Windows viewer, for example, is about 150K in size and can be run
directly from a floppy" (http://www.realvnc.com/why.html). So nothing
would have to be installed on the potential customers computer. That
quote was from RealVNC.com which is now where you get WinVNC (see
http://www.uk.research.att.com/vnc). Also, if the in-built web server
for VNC is used, it looks to download a Java applet for the VNC viewer
on the client's host. This isn't an install but does require that Java
is enabled in the browser and that a JVM has been installed (as either
part of the browser or separately).

So which is better, WinVNC (www.realvnc.com) or TightVNC
(www.tightvnc.com) which is derived from WinVNC?

While OpenSSH is recommended (by realvnc.com) for security, that's just
for the connection to protect the content of the communications.
OpenSSH is a Unix solution. Anyone know of a good, free, easy to use
and easy to setup client-side Windows alternative to OpenSSH? I use
SpamPal for spam filtering, it doesn't do SSL connections, but it
mentions STunnel (www.stunnel.org). Is STunnel any good and will it
work with WinVNC (or TightVNC)? While OpenSSH protects the content of
the VNC communications, it still doesn't address protecting the VNC
server host and regulating the password divulged to unregulated or
uncontrolled customers.

Since you are letting outside unregulated clients (not employees) get
into the host running the VNC server, wouldn't this be a security
threat? After all, you're divulging the password to use the VNC client
to users that could redistribute that password. Seems like you would
need to take into account some security measures on your VNC server
host, like moving it to a DMZ zone on your router, or having the
customer call when about to connect to give them a password you create
on-the-fly and which you delete or change after the session. Of course,
you could just run the VNC server as an application and unload it after
the session, or run it as a service and stop it after the session.

> Try the following:
>
> 1) Power Point Demo

Never seen these as impressive when trying to promote a product without
an included speaker to guide the presentation.

> 2) PDF Multi-media demo
> 3) Combination of PPT and AVI's

Some products are so complex and highly configurable to the user's needs
that a demo just won't cut it. It may present a scenario for
demonstration that is nothing like the customer's needs or environment.
But then trying to teach them remotely doesn't work as well, either.
Yeah, showing them how to use a sub-$1000 product, like Word, is doable,
but not when it is a vertical market product that starts out costing
$50K (but then sitting on your fanny and hoping the potential customer
logs in when you are ready is not the way to sell such products).

> 4) If your product is web enabled, and what product isn't today, just
> open a demo site for them.

Doesn't provide the interaction with the seller that Mike wants.

> 5) Visit them with the demo on a laptop and take a projector

Best if it is a high-dollar product or a volume contract representing
lots of money. Cost counterproductive if it is a cheap product or
low-volume sale. If it is worth the time and money to send a rep to
present the product, it probably won't be just a demo but instead a full
blown install of the real product on the laptop. If the product
requires network connectivity, especially outside connectivity, you had
better also contact their network admin to get prepped on how to get
your product to work in their environment. Having your product get
crippled during its presentation because it won't run in their
environment is about as effective a presentation as wetting your pants
(and, although the OP was geared toward hospitals, the "product" is
probably not adult diapers).
Anonymous
April 29, 2004 8:16:22 PM

Archived from groups: comp.security.firewalls (More info?)

"Mike" <mikeotown@nospam.msn.com> wrote in message
news:Xn8kc.20955$7a5.2982@bignews6.bellsouth.net...
> We would like a solution for demonstrating our application to customers
over
> the internet. I was thinking we could setup a WinVNC server in our office
> and then send the WinVNC client to the customer so that they could connect
> to our computer and we could walk them through the program over the phone.
>
> Our customers are hospitals. Do you think there will be a problem with
> customers inside hospital networks connecting to us using the WinNVC
client?
> They are able to browse web pages so their port 80 is open, so could we
set
> the VNC client to use port 80?
>
>

Well possibly, but they might go though a proxy, so then, no. VNC also has a
web interface though using java. But I think you may encounter similar
problems.
April 29, 2004 8:16:23 PM

Archived from groups: comp.security.firewalls (More info?)

So the VNC client won't work through a proxy server? Does anyone have
recommendations for the best way to do remote demos?

"Spacen Jasset" <spacenjasset@yahoo.co.uk> wrote in message
news:c6r65o$6i9$1@newsg2.svr.pol.co.uk...
>
> "Mike" <mikeotown@nospam.msn.com> wrote in message
> news:Xn8kc.20955$7a5.2982@bignews6.bellsouth.net...
> > We would like a solution for demonstrating our application to customers
> over
> > the internet. I was thinking we could setup a WinVNC server in our
office
> > and then send the WinVNC client to the customer so that they could
connect
> > to our computer and we could walk them through the program over the
phone.
> >
> > Our customers are hospitals. Do you think there will be a problem with
> > customers inside hospital networks connecting to us using the WinNVC
> client?
> > They are able to browse web pages so their port 80 is open, so could we
> set
> > the VNC client to use port 80?
> >
> >
>
> Well possibly, but they might go though a proxy, so then, no. VNC also has
a
> web interface though using java. But I think you may encounter similar
> problems.
>
>
Anonymous
April 29, 2004 11:01:57 PM

Archived from groups: comp.security.firewalls (More info?)

In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>, no-email@post-reply-in-
newsgroup.invalid says...
> But the OP said the potential customers CAN browse web pages. If they
> are still using the default port 80 to do so, why wouldn't the VNC
> client which was also using port 80 be able to get through?

Most hospitals have an IT policy the prohibits people from installing or
running applications which were not installed or authorized by the IT
department.

Every hospital I've done IT work for would fire/reprimand someone for
installing VNC.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
April 29, 2004 11:01:58 PM

Archived from groups: comp.security.firewalls (More info?)

"Leythos" (void@nowhere.com) said in
news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
> In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
> no-email@post-reply-in- newsgroup.invalid says...
>> But the OP said the potential customers CAN browse web pages. If
>> they are still using the default port 80 to do so, why wouldn't the
>> VNC client which was also using port 80 be able to get through?
>
> Most hospitals have an IT policy the prohibits people from installing
> or running applications which were not installed or authorized by the
> IT department.
>
> Every hospital I've done IT work for would fire/reprimand someone for
> installing VNC.
>
> --

But the user is NOT *installing* it if it runs from a floppy. It runs
from the floppy. It doesn't install any files onto their computer. So
the hospitals policy would also have to include RUNNING any programs
that are not on their okay list.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=news=" to Subject.
____________________________________________________________
Anonymous
April 30, 2004 1:07:09 AM

Archived from groups: comp.security.firewalls (More info?)

"*Vanguard*" <no-email@post-reply-in-newsgroup.invalid> wrote in message
news:KeGdnT-mv-Sg0wzdRVn-hA@comcast.com...
.....
> But the OP said the potential customers CAN browse web pages. If they
> are still using the default port 80 to do so, why wouldn't the VNC
> client which was also using port 80 be able to get through? I suppose
....

They can but...
.....
> server. Or does that merely present a web page to download a Java
> applet to the customer where they then locally run the applet (which
> would make the real VNC server connection but without using HTTP)?

You are exactly right. JavaVNC then connects on port 5900 as normal to the
VNC server (through the browser). You can't really stream data through a
http connection, well not in a sensible way ( but see htthost.com if you
happen to be interested in this ).

Basically you want an any port out rule ( well you need 5900 anyway ) -
quite a few companies operate a policy like this, but then again quite a few
have become draconian and only allow outgoing connections through a proxy.
I.e. nothing in or out through the firewall.
Anonymous
April 30, 2004 4:59:52 AM

Archived from groups: comp.security.firewalls (More info?)

In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>, no-email@post-reply-in-
newsgroup.invalid says...
> "Leythos" (void@nowhere.com) said in
> news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
> > In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
> > no-email@post-reply-in- newsgroup.invalid says...
> >> But the OP said the potential customers CAN browse web pages. If
> >> they are still using the default port 80 to do so, why wouldn't the
> >> VNC client which was also using port 80 be able to get through?
> >
> > Most hospitals have an IT policy the prohibits people from installing
> > or running applications which were not installed or authorized by the
> > IT department.
> >
> > Every hospital I've done IT work for would fire/reprimand someone for
> > installing VNC.
> >
> > --
>
> But the user is NOT *installing* it if it runs from a floppy. It runs
> from the floppy. It doesn't install any files onto their computer. So
> the hospitals policy would also have to include RUNNING any programs
> that are not on their okay list.

In a strict sense, if you didn't find it on the computer then you
installed it in order to use it - inserting a floppy that contains a
executable that was not provided by the IT department, in order to view
content through a hole in the firewall (port 80) for something other
than web sites might well get the person(s) in hot water.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
April 30, 2004 4:59:53 AM

Archived from groups: comp.security.firewalls (More info?)

"Leythos" said in
news:MPG.1afb70ca3509f22498a467@news-server.columbus.rr.com:
> In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>,
> no-email@post-reply-in- newsgroup.invalid says...
>> "Leythos" (void@nowhere.com) said in
>> news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
>>> In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
>>> no-email@post-reply-in- newsgroup.invalid says...
>>>> But the OP said the potential customers CAN browse web pages. If
>>>> they are still using the default port 80 to do so, why wouldn't the
>>>> VNC client which was also using port 80 be able to get through?
>>>
>>> Most hospitals have an IT policy the prohibits people from
>>> installing or running applications which were not installed or
>>> authorized by the IT department.
>>>
>>> Every hospital I've done IT work for would fire/reprimand someone
>>> for installing VNC.
>>>
>>> --
>>
>> But the user is NOT *installing* it if it runs from a floppy. It
>> runs from the floppy. It doesn't install any files onto their
>> computer. So the hospitals policy would also have to include
>> RUNNING any programs that are not on their okay list.
>
> In a strict sense, if you didn't find it on the computer then you
> installed it in order to use it - inserting a floppy that contains a
> executable that was not provided by the IT department, in order to
> view content through a hole in the firewall (port 80) for something
> other than web sites might well get the person(s) in hot water.
>
> --

Since the VNC client is a client (and not a server), I can't see this
being more a security breach than letting them also use a browser. In
fact, the VNC viewer looks to be more secure than any browser. From
what I've seen of VNC, it is on the VNC server host where the security
issues must be addressed, not on the client side (i.e., Mike needs to
protect his hosts running VNC server rather than his hospital clients
running VNC clients worrying about what Mike can do to them). But if
there is any doubt and you're in a draconian company, especially one
recently burned by hackers, viruses, or malcontents (external and
internal), then it is best to ask. It is possible, for example, that
Mike isn't the nice guy he pretends to be and the VNC viewer program he
provides has been modified to do "other tasks" on his customer's
computers, so Mike should really tell his customers to go get the VNC
viewer themselves from a known and respected web site.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=news=" to Subject.
____________________________________________________________
Anonymous
April 30, 2004 6:22:22 AM

Archived from groups: comp.security.firewalls (More info?)

In article <VaCdnfV19amrKgzd4p2dnA@comcast.com>, no-email@post-reply-in-
newsgroup.invalid says...
> "Leythos" said in
> news:MPG.1afb70ca3509f22498a467@news-server.columbus.rr.com:
> > In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>,
> > no-email@post-reply-in- newsgroup.invalid says...
> >> "Leythos" (void@nowhere.com) said in
> >> news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
> >>> In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
> >>> no-email@post-reply-in- newsgroup.invalid says...
> >>>> But the OP said the potential customers CAN browse web pages. If
> >>>> they are still using the default port 80 to do so, why wouldn't the
> >>>> VNC client which was also using port 80 be able to get through?
> >>>
> >>> Most hospitals have an IT policy the prohibits people from
> >>> installing or running applications which were not installed or
> >>> authorized by the IT department.
> >>>
> >>> Every hospital I've done IT work for would fire/reprimand someone
> >>> for installing VNC.
> >>>
> >>> --
> >>
> >> But the user is NOT *installing* it if it runs from a floppy. It
> >> runs from the floppy. It doesn't install any files onto their
> >> computer. So the hospitals policy would also have to include
> >> RUNNING any programs that are not on their okay list.
> >
> > In a strict sense, if you didn't find it on the computer then you
> > installed it in order to use it - inserting a floppy that contains a
> > executable that was not provided by the IT department, in order to
> > view content through a hole in the firewall (port 80) for something
> > other than web sites might well get the person(s) in hot water.
> >
> > --
>
> Since the VNC client is a client (and not a server), I can't see this
> being more a security breach than letting them also use a browser. In
> fact, the VNC viewer looks to be more secure than any browser. From
> what I've seen of VNC, it is on the VNC server host where the security
> issues must be addressed, not on the client side (i.e., Mike needs to
> protect his hosts running VNC server rather than his hospital clients
> running VNC clients worrying about what Mike can do to them). But if
> there is any doubt and you're in a draconian company, especially one
> recently burned by hackers, viruses, or malcontents (external and
> internal), then it is best to ask. It is possible, for example, that
> Mike isn't the nice guy he pretends to be and the VNC viewer program he
> provides has been modified to do "other tasks" on his customer's
> computers, so Mike should really tell his customers to go get the VNC
> viewer themselves from a known and respected web site.

Looks like we're on the same page here.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
April 30, 2004 6:22:23 AM

Archived from groups: comp.security.firewalls (More info?)

"Leythos" said in
news:MPG.1afb84242f475f7298a46a@news-server.columbus.rr.com:
> In article <VaCdnfV19amrKgzd4p2dnA@comcast.com>,
> no-email@post-reply-in- newsgroup.invalid says...
>> "Leythos" said in
>> news:MPG.1afb70ca3509f22498a467@news-server.columbus.rr.com:
>>> In article <Zb-dnVzgDJ2c5wzdRVn-uQ@comcast.com>,
>>> no-email@post-reply-in- newsgroup.invalid says...
>>>> "Leythos" (void@nowhere.com) said in
>>>> news:MPG.1afb1ce1f11245f98a464@news-server.columbus.rr.com:
>>>>> In article <KeGdnT-mv-Sg0wzdRVn-hA@comcast.com>,
>>>>> no-email@post-reply-in- newsgroup.invalid says...
>>>>>> But the OP said the potential customers CAN browse web pages. If
>>>>>> they are still using the default port 80 to do so, why wouldn't
>>>>>> the VNC client which was also using port 80 be able to get
>>>>>> through?
>>>>>
>>>>> Most hospitals have an IT policy the prohibits people from
>>>>> installing or running applications which were not installed or
>>>>> authorized by the IT department.
>>>>>
>>>>> Every hospital I've done IT work for would fire/reprimand someone
>>>>> for installing VNC.
>>>>>
>>>>> --
>>>>
>>>> But the user is NOT *installing* it if it runs from a floppy. It
>>>> runs from the floppy. It doesn't install any files onto their
>>>> computer. So the hospitals policy would also have to include
>>>> RUNNING any programs that are not on their okay list.
>>>
>>> In a strict sense, if you didn't find it on the computer then you
>>> installed it in order to use it - inserting a floppy that contains a
>>> executable that was not provided by the IT department, in order to
>>> view content through a hole in the firewall (port 80) for something
>>> other than web sites might well get the person(s) in hot water.
>>>
>>> --
>>
>> Since the VNC client is a client (and not a server), I can't see this
>> being more a security breach than letting them also use a browser.
>> In fact, the VNC viewer looks to be more secure than any browser.
>> From what I've seen of VNC, it is on the VNC server host where the
>> security issues must be addressed, not on the client side (i.e.,
>> Mike needs to protect his hosts running VNC server rather than his
>> hospital clients running VNC clients worrying about what Mike can do
>> to them). But if there is any doubt and you're in a draconian
>> company, especially one recently burned by hackers, viruses, or
>> malcontents (external and internal), then it is best to ask. It is
>> possible, for example, that Mike isn't the nice guy he pretends to
>> be and the VNC viewer program he provides has been modified to do
>> "other tasks" on his customer's computers, so Mike should really
>> tell his customers to go get the VNC viewer themselves from a known
>> and respected web site.
>
> Looks like we're on the same page here.
>
>
> --

Yeah. I like the phrase "we're in vehement agreement". Sneakernet is
one way viruses manage to circumvent a protected network as are hosts
with modems making dial-up connections. I remember our test lab having
its own router, anti-virus, and firewall appliances to protect us from
our own fellow employees on our corporate network. Not even IT folks
got into our computer room without one of us monitoring their activity,
and it was rare they ever needed or even wanted to go in there.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=news=" to Subject.
____________________________________________________________
Anonymous
April 30, 2004 10:27:18 AM

Archived from groups: comp.security.firewalls (More info?)

About a year ago I did a demonstration usin ThightVNC from the company
office in Scandinavia to a customer in Bogota, Colombia. The demo was held
in the offices of a major international company. Due to the security policy
of both the home office and the international company, the only way we could
make it work was to use outside ISPs. We could have made it if the security
policies had allowed for a VPN to be set up to my demo-computer, but that
was not possible. We tried every trick in the book, but in the end it was
the use of non-company lines that saved us.

So, look at the possibility to have a VPN set up from the customer site into
the place where the application you want to demonstrate is located. If you
can do that, you can use VNC. (I take it you have already spoken to the
internal computer department about smashing holes in your FW to get in
directly. They normally do not like that.)

John Morten
Anonymous
April 30, 2004 11:43:02 PM

Archived from groups: comp.security.firewalls (More info?)

Taking a moment's reflection, Mike mused:
|
| We would like a solution for demonstrating our application to customers
| over the internet. I was thinking we could setup a WinVNC server in our
| office and then send the WinVNC client to the customer so that they could
| connect to our computer and we could walk them through the program over
| the phone.

We use VNC (check into UltraVNC) all the time to demo products and for
remote support. Most networks can connect out without restriction (unless
they are tightly controlled). So, discuss this with your contact at the
hospital. They will need to be able to connect out to port 5900 (TCP) with
the VNC Viewer, or 8080 (HTTP) with a web browser.
Anonymous
May 1, 2004 12:37:40 AM

Archived from groups: comp.security.firewalls (More info?)

Taking a moment's reflection, Leythos mused:
|
| Most hospitals have an IT policy the prohibits people from installing or
| running applications which were not installed or authorized by the IT
| department.
|
| Every hospital I've done IT work for would fire/reprimand someone for
| installing VNC.

I would think it should be assumed that, once the OP notifies his
contact within the organization about how he would like to present his
product, the contact would then make the necessary arrangements with the IT
department.
Anonymous
May 1, 2004 12:37:41 AM

Archived from groups: comp.security.firewalls (More info?)

"mhicaoidh" said in news:kOykc.4749$kh4.275287@attbi_s52:
>
> I would think it should be assumed that, once the OP notifies his
> contact within the organization about how he would like to present his
> product, the contact would then make the necessary arrangements with
> the IT department.

Since the potential customer doesn't know the intricacies of your
product even if you try to describe a list of requirements, it is best
to have them give you a contact in their company's IT department, or,
more polite is to ask them to have their IT department call you (within
an agreed time frame) so they don't feel pushed by outsiders. I
wouldn't rely on a potential customer (not in the IT department) knowing
how to properly communicate your needs to their IT folks on how to
demonstrate your product in their environment. You'll lose requirements
and scheduling in the translation. You ask the department manager to
ask the IT manager to ask a sysadmin to call you (and that's a short
chain). But you asking the department manager to ask the IT manager to
schedule time for their sysadmin to work with the department manager to
prepare for an unknown presentation based on some list of requirements
and then you showing up on the appointment day and expecting all the
preparations to be complete and correct is not going to work.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=news=" to Subject.
____________________________________________________________
Anonymous
May 1, 2004 1:13:50 AM

Archived from groups: comp.security.firewalls (More info?)

In article <GqWdnQ2LX--SXQ_dRVn-uw@comcast.com>, no-email@post-reply-in-
newsgroup.invalid says...
> "mhicaoidh" said in news:kOykc.4749$kh4.275287@attbi_s52:
> >
> > I would think it should be assumed that, once the OP notifies his
> > contact within the organization about how he would like to present his
> > product, the contact would then make the necessary arrangements with
> > the IT department.
>
> Since the potential customer doesn't know the intricacies of your
> product even if you try to describe a list of requirements, it is best
> to have them give you a contact in their company's IT department, or,
> more polite is to ask them to have their IT department call you (within
> an agreed time frame) so they don't feel pushed by outsiders. I
> wouldn't rely on a potential customer (not in the IT department) knowing
> how to properly communicate your needs to their IT folks on how to
> demonstrate your product in their environment. You'll lose requirements
> and scheduling in the translation. You ask the department manager to
> ask the IT manager to ask a sysadmin to call you (and that's a short
> chain). But you asking the department manager to ask the IT manager to
> schedule time for their sysadmin to work with the department manager to
> prepare for an unknown presentation based on some list of requirements
> and then you showing up on the appointment day and expecting all the
> preparations to be complete and correct is not going to work.

The above approach works great if the company in question doesn't mind
the users inside the network being able to VNC outbound, but in most
cases, outbound VNC just leads to employees connecting to their home
computers and goofing off on company time. Any company that permits
unrestricted outbound access has not taken the proper steps to keep from
spreading virus's and such, and doesn't really have much of a security
mind-set anyway. I suspect, due to HIPPA compliance, that most hospitals
restrict anything that is not absolutely needed for daily operation of
the hospital.

What you are likely to find is a system in a conference room that
provides external access in a less restrictive rule-set for such types
of demonstrations, but, most IT departments won't install a VNC client.
There are many on-line services that allow users to share their desktops
through a browser interface, and most IT shops don't have a problem with
setting something like that up for a conference room.

To address the real issue here, how to demo a non-web app over the
internet, you need to find a common method that doesn't require
modification of most firewall rules, doesn't require custom software
(unless it's a browser plug-in), and doesn't really violate IT policy.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
May 2, 2004 8:19:32 PM

Archived from groups: comp.security.firewalls (More info?)

Taking a moment's reflection, *Vanguard* mused:
|
| Since the potential customer doesn't know the intricacies of your
| product even if you try to describe a list of requirements, it is best
| to have them give you a contact in their company's IT department, or,
| more polite is to ask them to have their IT department call you (within
| an agreed time frame) so they don't feel pushed by outsiders.

In a more involved case, I would tend to agree. But, here, the issue is
just allowing VNC in/out so a connection can be made to a vender PC outside
to demo the product remotely.
Anonymous
May 17, 2004 8:58:42 PM

Archived from groups: comp.security.firewalls (More info?)

Hallo Mike, you wrote:

> We have PowerPoints and a web site but we'd like for us and the client to be
> able to look at the same thing at the same time to walk them through the
> product without traveling to the client site because of travel costs.
>
> GoToMyPC.com and other companies do it through a web browser so why can't
> we? If we could do it through a web browser then any client should be able
> to do it.

Why not? There is a connection possible to your VNC server using a java
applet (sending to the client site). It's listening at port 5900 (VNC ==
5800)

The Server administrator can change the Port-# to another #, f.e. 80.

HTH
Wolfgang
Anonymous
May 18, 2004 2:55:12 AM

Archived from groups: comp.security.firewalls (More info?)

"Wolfgang Ewert" <w.ewert2002@gmx.de> wrote in message
news:3vja8c.gqd.ln@news.wolfgang.ewert.com...
> Hallo Mike, you wrote:
>
> > We have PowerPoints and a web site but we'd like for us and the client
to be
> > able to look at the same thing at the same time to walk them through the
> > product without traveling to the client site because of travel costs.
> >
> > GoToMyPC.com and other companies do it through a web browser so why
can't
> > we? If we could do it through a web browser then any client should be
able
> > to do it.
>
> Why not? There is a connection possible to your VNC server using a java
> applet (sending to the client site). It's listening at port 5900 (VNC ==
> 5800)
>
> The Server administrator can change the Port-# to another #, f.e. 80.
>
> HTH
> Wolfgang

Hmm yes and no. That doesn't mean that it always works the way gotomypc do
it though does it? For example. A no out no in firewall. And a proxy that is
the only means of accessing the web. It's no going to work is it. You can't
put generic TCP through a http proxy. ( well not without other servers in
the chain and more client side software )
!