[X2go-dev] Looking for information on the future of x2go (and some other x2go-related stuff)
Stefan Baur
newsgroups.mail2 at stefanbaur.de
Thu Mar 3 13:29:45 CET 2011
Hello Alexander,
you wrote:
>> Security: While it would be possible to connect the NX or x2go
>> server to the Windows Domain using PAM, keeping the two "worlds"
>> seperate is a security benefit, since in the unlikely event that the
>> Linux box gets hacked, the Windows Domain is not exposed to the
>> attacker.
>On the other hand, in the far more likely event your Windows Domain gets
>hacked, you have handed the attacker all the Unix passwords on a
>platter.
Well, I'll admit that I might be a little self-centric here, but in the
usage scenario I have in mind, the Windows Domain has no Internet
connection at all, except for the one server distributing the
Windows Update packages - and even that one is limited to the Windows
Update sites using a whitelist on a proxy server.
So an attacker would have to be a rogue employee or someone else who
gained physical access (fake janitor or whatever). The Linux box with
NX/x2go, OTOH, is connected to the Internet.
Kind Regards,
Stefan
More information about the x2go-dev
mailing list