Rays of Light
 
The musings of Ray Trygstad: IT/Web guy, educator, Naval officer, world traveler and sometime preacher.
Friday, October 29, 2004
Securing Windows Remote Access Across the Internet

It's really valuable to me to be able to access my desktop PC at work remotely from the Internet. Unfortunately the tools I was using to do this—FTP for file transfer and VNC for remote administration—are not secure and allow passwords to be transmitted in the clear. This is inherently insecure and a bad thing for an IT security person like me to be doing. So I decided to secure my system, which is running Windows XP. The key to this was the existence of several free Open Source tools: an easy-to-use secure server (OpenSSH for Windows) and secure clients to allow me to access the secure system. The clients I am using are WinSCP for SFTP and SSHTerm Professional for Secure VNC access.

SSHTerm Professional looked like the end-all and be-all for secure connections as it does SSH, SFTP and Secure VNC, but it's not the best SFTP client—WinSCP is much better. While it does a fine job with SSH, I still like PuTTY much better, but SSHTerm Professional does a great job with Secure VNC.

Setting up Secure VNC has been just a “too hard” item for most folks; you had to launch SSH, establish a tunneled port, and then launch your VNC client. With SSHTerm Professional, the client software establishes both the tunnel and the VNC connection, making it far more user-friendly. In order to make Secure VNC work, you have to change some VNC settings--I use Tight VNC so this was in the setup and I did not have to tweak the registry. In the Tight VNC system properties dialog box you have to select “Advanced”, and in the advanced dialog box you have to check “Allow Loopback Connections” and “Allow Only Loopback Connections”. This disables normal VNC connectivity and allows only tunneled connections. It works very well. With other versions of VNC you may have to add two entries in the registry under HKEY_LOCAL_MACHINE/SOFTWARE/OTL/WinVNC3: add REG_DWORDs AllowLoopback and LoopbackOnly, each with a value of 1; also under HKEY_LOCAL_MACHINE/SOFTWARE/OTL/WinVNC3/Default add the REG_DWORD LoopbackOnly with a value of 1. (My advice: get TightVNC. Registry editing is not for the faint of heart.)
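To confirm that the loopback-only setting described above actually took effect, you can probe the VNC port for the 12-byte RFB version banner that every VNC server sends first. The following is an added example, not part of the original post; it assumes the default VNC port 5900, and the function names and verdict strings are made up for illustration.

```python
import re
import socket
import sys

# An RFB server opens every connection with exactly 12 bytes: b"RFB xxx.yyy\n".
RFB_BANNER = re.compile(rb"^RFB \d{3}\.\d{3}\n$")


def probe_rfb(host, port=5900, timeout=3.0):
    """Return the RFB version string if a VNC server answers, else None."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            while len(data) < 12:
                chunk = s.recv(12 - len(data))
                if not chunk:  # peer accepted, then hung up without a banner
                    break
                data += chunk
    except OSError:  # refused, filtered, timed out, unreachable
        return None
    return data[:-1].decode("ascii") if RFB_BANNER.match(data) else None


def verdict(loopback_banner, external_banner):
    """Classify the two probe results (hypothetical labels)."""
    if external_banner:
        return "EXPOSED"        # VNC answers on a routable address
    if loopback_banner:
        return "LOOPBACK_ONLY"  # reachable only through the SSH tunnel
    return "NOT_RUNNING"        # nothing speaking RFB on this port


def audit(external_ip, port=5900):
    """Run on the VNC host: compare 127.0.0.1 with the machine's own address."""
    return verdict(probe_rfb("127.0.0.1", port), probe_rfb(external_ip, port))


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: vnc_audit.py <this-host's-external-ip> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5900
    print(audit(sys.argv[1], port))
```

Run it on the VNC host with that machine's own network address as the argument; repeating `probe_rfb` from a second machine also exercises any firewall in between.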

OpenSSH for Windows (server): http://sshwindows.sourceforge.net/

SSHTerm: http://www.sshtools.com/products/applications/sshterm-pro/sshterm-pro.jsp (you have to register to download it here but it's GNU-licensed; it's also available as part of SSL-Explorer, a GNU-licensed SSL VPN, at http://sourceforge.net/projects/sslexplorer/ or you can get it without registration at http://www.download.com/SSHTerm-Pro/3000-2155_4-10323202.html.)

Tight VNC: http://www.tightvnc.com/

WinSCP: http://winscp.sourceforge.net/eng/

So I now have a Windows system open to the Internet on which all external access is encrypted, using all OpenSource products. If you access a Windows system remotely, you should do this too. I'm a happy camper.

Posted by Ray Trygstad | Category: InfoTech | 12:20 PM | Comments (0)

I'm in the LangaList

Fred Langa mentioned me in the LangaList on the 21st; I answered his call for folks to share their favorite freeware apps and he linked to my entry in the InfoweekForum, which has actually drawn eight replies itself and has hooked me up with some other great tools. Pretty neat!

Posted by Ray Trygstad | Category: InfoTech | 11:36 AM | Comments (0)

Thursday, October 28, 2004
Firefox Gears Up for 1.0 Release

Firefox 1.0 will be released November 9, and supporters of Firefox (me among them!) have taken out a full-page ad in an upcoming issue of the New York Times to announce it. It's exciting what the open source community can create, particularly with the level of industry support that the Mozilla project has enjoyed. When this comes out, it will become the default Web browser for IIT's Rice Campus and IIT's Center for Professional Development.

Posted by Ray Trygstad | Category: InfoTech | 10:11 AM | Comments (0)

trygstad at trygstad dot org