Archived from groups: comp.security.firewalls (
More info?)
"Leythos" (void@nowhere.com) said in
news:MPG.1afaec7e6b25255198a462@news-server.columbus.rr.com:
> In article <Xn8kc.20955$7a5.2982@bignews6.bellsouth.net>,
> mikeotown@nospam.msn.com says...
>> We would like a solution for demonstrating our application to
>> customers over the internet. I was thinking we could setup a WinVNC
>> server in our office and then send the WinVNC client to the customer
>> so that they could connect to our computer and we could walk them
>> through the program over the phone.
>>
>> Our customers are hospitals. Do you think there will be a problem
>> with customers inside hospital networks connecting to us using the
>> WinNVC client? They are able to browse web pages so their port 80 is
>> open, so could we set the VNC client to use port 80?
>
> Since most places have rules to block that type of thing,
But the OP said the potential customers CAN browse web pages. If they
are still using the default port 80 to do so, why wouldn't the VNC
client which was also using port 80 be able to get through? I suppose
it is possible the firewall checks for HTTP headers for datastreams
using port 80, but wouldn't using the VNC in-built web server circumvent
that check (see http://www.realvnc.com/faq.html#firewall)? I'm assuming
the customer just uses their web browser to connect to the VNC web
server. Or does that merely present a web page to download a Java
applet to the customer where they then locally run the applet (which
would make the real VNC server connection but without using HTTP)?
> and since
> most places don't let users install apps, you are going to have to do
> something that does not require a rule in the firewall or installation
> of software.
"The Windows viewer, for example, is about 150K in size and can be run
directly from a floppy" (http://www.realvnc.com/why.html). So nothing
would have to be installed on the potential customers computer. That
quote was from RealVNC.com which is now where you get WinVNC (see
http://www.uk.research.att.com/vnc). Also, if the in-built web server
for VNC is used, it looks to download a Java applet for the VNC viewer
on the client's host. This isn't an install but does require that Java
is enabled in the browser and that a JVM has been installed (as either
part of the browser or separately).
So which is better, WinVNC (www.realvnc.com) or TightVNC
(www.tightvnc.com) which is derived from WinVNC?
While OpenSSH is recommended (by realvnc.com) for security, that's just
for the connection to protect the content of the communications.
OpenSSH is a Unix solution. Anyone know of a good, free, easy to use
and easy to setup client-side Windows alternative to OpenSSH? I use
SpamPal for spam filtering, it doesn't do SSL connections, but it
mentions STunnel (www.stunnel.org). Is STunnel any good and will it
work with WinVNC (or TightVNC)? While OpenSSH protects the content of
the VNC communications, it still doesn't address protecting the VNC
server host and regulating the password divulged to unregulated or
uncontrolled customers.
Since you are letting outside unregulated clients (not employees) get
into the host running the VNC server, wouldn't this be a security
threat? After all, you're divulging the password to use the VNC client
to users that could redistribute that password. Seems like you would
need to take into account some security measures on your VNC server
host, like moving it to a DMZ zone on your router, or having the
customer call when about to connect to give them a password you create
on-the-fly and which you delete or change after the session. Of course,
you could just run the VNC server as an application and unload it after
the session, or run it as a service and stop it after the session.
> Try the following:
>
> 1) Power Point Demo
Never seen these as impressive when trying to promote a product without
an included speaker to guide the presentation.
> 2) PDF Multi-media demo
> 3) Combination of PPT and AVI's
Some products are so complex and highly configurable to the user's needs
that a demo just won't cut it. It may present a scenario for
demonstration that is nothing like the customer's needs or environment.
But then trying to teach them remotely doesn't work as well, either.
Yeah, showing them how to use a sub-$1000 product, like Word, is doable,
but not when it is a vertical market product that starts out costing
$50K (but then sitting on your fanny and hoping the potential customer
logs in when you are ready is not the way to sell such products).
> 4) If your product is web enabled, and what product isn't today, just
> open a demo site for them.
Doesn't provide the interaction with the seller that Mike wants.
> 5) Visit them with the demo on a laptop and take a projector
Best if it is a high-dollar product or a volume contract representing
lots of money. Cost counterproductive if it is a cheap product or
low-volume sale. If it is worth the time and money to send a rep to
present the product, it probably won't be just a demo but instead a full
blown install of the real product on the laptop. If the product
requires network connectivity, especially outside connectivity, you had
better also contact their network admin to get prepped on how to get
your product to work in their environment. Having your product get
crippled during its presentation because it won't run in their
environment is about as effective a presentation as wetting your pants
(and, although the OP was geared toward hospitals, the "product" is
probably not adult diapers).
Facebook
Twitter
Instagram