Hamachi, spojeni přes vnc

[Nemec]

Dobrý den, mám kde a potřebuji se spojit s druhou instalací kubuntu na jiný počítač. Oba nemáme veřejnou IP. Nainstalovali jsme hamachi, včetně hamachi-guividíme se, ping funguje. Potřebujeme řešit vzdálené ovládání, problém jr v tom, že pokud vygeneruju přes krfb pozvánku, tak počítá s ip adresou, která je v doméne providera a nebere v úvahu 5 řadu adres hamachi. Cestu zcela uvolnit bez hesel se mi nechce je to příliš riskantní. Prosím poraďte řešení které zachovává bezpečnost a obchází omezení pozvánek. Děkuji

[nettezzaumana]

wikipedia o hamachi ...

Security

As with all closed-source or non-thoroughly reviewed applications, several security considerations apply:
the absence of source code for review
its beta status (if any) and possible impact of remaining bugs on security

Additionally due to Hamachi's use as a VPN application the following considerations apply:
additional risk of disclosure of sensitive data which is stored or may be logged by the mediation server- minimal where data is not forwarded
the security risks due to vulnerable services on remote machines otherwise not accessible behind a NAT, common to all VPNs

Hamachi claims to use strong, industry-standard algorithms to secure and authenticate the data and its security architecture is open [4]. The Hamachi implementation however is closed source and as such it is not available for review by the general public.

For the product to work, a "mediation server", operated by the vendor, is required. This server stores the nickname, maintenance password, statically allocated 5.0.0.0/8 IP address and the associated authentication token of the user. For every established tunnel, it could log the real IP address of the user, time of establishment and duration as well as the other interconnected users.

As all peers sharing a tunnel have full "LAN-like" access to each others computers, security problems may arise if firewalls are not used, as with any insecure situation. The security features of the NAT router/firewall are bypassed. This is not specific to Hamachi and needs to be addressed with other VPNs as well.

In the Security Now! podcast Steve Gibson described Hamachi as a "...brand new, ready to emerge from its long development beta phase, ultra-secure, lightweight, high-performance, highly polished, multi-platform, peer-to-peer and FREE! personal virtual private networking system ..." and that he had "... fully vetted the system's security architecture ...".[5]

In the following episode, to a question raised by Randal Schwartz: "Hamachi's not open source. How can we trust it?", Gibson replied, "... it's one of the things that made me anxious and continues to make me anxious. I'm going to end up probably over on OpenVPN ...". Later he continued, "But Hamachi is - I'm convinced that Alex [Pankratov] has really designed this system exactly as he's told me he has. He's got years of experience with security, implementing IPSec tunnels, you know, classic VPN solutions. I couldn't feel any better about this than I do, short of doing a complete source audit ... which is just not practical. So it's certainly the case though that, well, I mean, you know, we're trusting Bill when we use Windows.", and, "... I'm sure Alex has told me the truth, but I have no proof of it."

<< to bych v zivote nepouzil !!!

[Nemec]

Tohle mi nepomůže, potřebuji spojení abych nemusel kvůli drobnostem jezdit skoro  100 km. Spojení bude aktivní pouze pro požadovanou dobu. Je to člen rodiny, tak ho odmítnout nemohu. Pokud máte pochyby o bezpečnosti prosím navrhněte něco jiného.

[Petr Merlin Vaněček]

OpenVPN?

[Martin Kiklhorn]

Pokud nemáte žádnou veřejnou adresu k dispozici (ani někde po cestě nemůžete zřídit prostředníka) tak se hamachi zřejmě nevyhnete.

ad krfb - nedá se povolit nepozvaná spojení a zabezpečení řešit jen heslem? Případně použít jiný VNC server?