Mailing List Archive

Your best bet is using a listening client and initiating a session from the
controlled machine. Set your router to route port 5500 to your PC, allow it
through any PC-based firewall, and run the listening client. However, my
guess is that even this will be blocked if the network is really a secure
one. You won't make any progress on this without authorisation, and that
will be hard to get. I must say if a VNC client could get access to medical
information simply by Googling for the details, something would be very
wrong.

Philip Herlihy


-----Original Message-----
From: vnc-list-bounces@realvnc.com [mailto:vnc-list-bounces@realvnc.com] On
Behalf Of Paul Dunn
Sent: 25 November 2010 11:18
To: VNC list
Subject: VNC to N3 network?

Has anyone managed to set up VNC to allow access into the secure N3
(NHS) network? I've spent hours on Google, and haven't managed to find
anything on getting through the gateway, or even on finding IP addresses
for the surgeries I want to get to.

Thanks -

Paul

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list




_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

No. I seriously doubt any medical facility will allow access from outside the local network. The opportunity for someone to get unauthorized access is too great. In addition, it is then possible for someone to inadvertently violate the patient privacy act. This puts the medical facility in a great liability position.


On Nov 25, 2010, at 05:18 AM, Paul Dunn wrote:

> Has anyone managed to set up VNC to allow access into the secure N3 (NHS) network? I've spent hours on Google, and haven't managed to find anything on getting through the gateway, or even on finding IP addresses for the surgeries I want to get to.
>
> Thanks -
>
> Paul
>
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list


Dale Eshelman
eshelmand@gmail.com

MonaVie (Distr ID 1316953)
http://www.monavie.com/Web/US/en/product_overview.dhtml

The closer I get to the pain of glass in Windoz, the farther I can see and I see a Mac on the horizon.

_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

On 25/11/2010 14:40, Philip Herlihy wrote:
> Your best bet is using a listening client and initiating a session from the
> controlled machine.

This is my fallback plan, but it's so inconvenient that it probably
wouldn't be worth it. I don't think this could be blocked - could it?
The surgery computer can always see outside N3 on a browser, so
presumably tunnelling on 80/443 should be fireproof.

The issue for incoming connections, as you point out, is authorisation.
It's possible to get authorisation, but it's next to impossible to find
out *how* to get authorisation. This is what I've been googling for.
There are half-a-dozen commercial solutions that do exactly this, but I
can't find anyone at N3, or any technical docs, to tell me what's
involved or who to apply to. You can apply to use an existing
third-party commercial solution, but that's it. The third-party
solutions have various problems, apart from price - some only encrypt
between the surgery computer and the N3 gateway, some use offshore/US
servers, and so on. End-to-end vnc/ssh is my preferred solution.

So, what I was hoping was that someone here has already been through the
pain, and found out how to apply to get through the gateway, or how to
get through without finding someone to apply to...

-Paul


_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Yes it can be blocked. Any decent firewall can block an outgoing port as
well as an incoming one, and a properly secured system will have blocked
anything not positively known to be needed.

Good luck!

Philip Herlihy

-----Original Message-----
From: Paul Dunn [mailto:sa212+vnc@cyconix.com]
Sent: 25 November 2010 19:55
To: VNC list
Cc: Philip Herlihy
Subject: Re: VNC to N3 network?

On 25/11/2010 14:40, Philip Herlihy wrote:
> Your best bet is using a listening client and initiating a session from
the
> controlled machine.

This is my fallback plan, but it's so inconvenient that it probably
wouldn't be worth it. I don't think this could be blocked - could it?
The surgery computer can always see outside N3 on a browser, so
presumably tunnelling on 80/443 should be fireproof.

The issue for incoming connections, as you point out, is authorisation.
It's possible to get authorisation, but it's next to impossible to find
out *how* to get authorisation. This is what I've been googling for.
There are half-a-dozen commercial solutions that do exactly this, but I
can't find anyone at N3, or any technical docs, to tell me what's
involved or who to apply to. You can apply to use an existing
third-party commercial solution, but that's it. The third-party
solutions have various problems, apart from price - some only encrypt
between the surgery computer and the N3 gateway, some use offshore/US
servers, and so on. End-to-end vnc/ssh is my preferred solution.

So, what I was hoping was that someone here has already been through the
pain, and found out how to apply to get through the gateway, or how to
get through without finding someone to apply to...

-Paul




_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

And can be blocked by protocol (for example vnc protocol) too, beside
the port you use.



Greets.


El 25/11/2010 21:09, Philip Herlihy escribió:
> Yes it can be blocked. Any decent firewall can block an outgoing port as
> well as an incoming one, and a properly secured system will have blocked
> anything not positively known to be needed.
>
> Good luck!
>
> Philip Herlihy
>
> -----Original Message-----
> From: Paul Dunn [mailto:sa212+vnc@cyconix.com]
> Sent: 25 November 2010 19:55
> To: VNC list
> Cc: Philip Herlihy
> Subject: Re: VNC to N3 network?
>
> On 25/11/2010 14:40, Philip Herlihy wrote:
>> Your best bet is using a listening client and initiating a session from
> the
>> controlled machine.
> This is my fallback plan, but it's so inconvenient that it probably
> wouldn't be worth it. I don't think this could be blocked - could it?
> The surgery computer can always see outside N3 on a browser, so
> presumably tunnelling on 80/443 should be fireproof.
>
> The issue for incoming connections, as you point out, is authorisation.
> It's possible to get authorisation, but it's next to impossible to find
> out *how* to get authorisation. This is what I've been googling for.
> There are half-a-dozen commercial solutions that do exactly this, but I
> can't find anyone at N3, or any technical docs, to tell me what's
> involved or who to apply to. You can apply to use an existing
> third-party commercial solution, but that's it. The third-party
> solutions have various problems, apart from price - some only encrypt
> between the surgery computer and the N3 gateway, some use offshore/US
> servers, and so on. End-to-end vnc/ssh is my preferred solution.
>
> So, what I was hoping was that someone here has already been through the
> pain, and found out how to apply to get through the gateway, or how to
> get through without finding someone to apply to...
>
> -Paul
>
>
>
>
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
>


_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

If the computers within the surgery are members of a Windows Domain, they
may have their firewalls controlled by a Group Policy so that you cannot
open the ports necessary for VNC. It ought to be possible to see this
before you go any further.

If you can open ports to VNC then there is a straightforward solution.

Identify or provide a suitable phone line into the surgery premises. Buy an
ADSL service for that phone line. Install a router that supports a
LAN-to-LAN VPN, and connect it to the LAN in the surgery. You can then VPN
to any machine on the LAN within the surgery. There may be a problem in
that the router in the surgery may have each port firewalled to allow only
machines with known MAC addresses to connect - if you try connecting a test
laptop you should be able to confirm or deny this.

Clearly you should have the co-operation of the surgery staff to achieve
this, and of course a budget.


Regards,

-- Graham Jones


> -----Original Message-----
> From: vnc-list-bounces@realvnc.com
> [mailto:vnc-list-bounces@realvnc.com] On Behalf Of Paul Dunn
> Sent: 25 November 2010 19:55
> To: VNC list
> Cc: Philip Herlihy
> Subject: Re: VNC to N3 network?
>
> On 25/11/2010 14:40, Philip Herlihy wrote:
> > Your best bet is using a listening client and initiating a session
> > from the controlled machine.
>
> This is my fallback plan, but it's so inconvenient that it
> probably wouldn't be worth it. I don't think this could be
> blocked - could it?
> The surgery computer can always see outside N3 on a browser,
> so presumably tunnelling on 80/443 should be fireproof.
>
> The issue for incoming connections, as you point out, is
> authorisation.
> It's possible to get authorisation, but it's next to
> impossible to find out *how* to get authorisation. This is
> what I've been googling for.
> There are half-a-dozen commercial solutions that do exactly
> this, but I can't find anyone at N3, or any technical docs,
> to tell me what's involved or who to apply to. You can apply
> to use an existing third-party commercial solution, but
> that's it. The third-party solutions have various problems,
> apart from price - some only encrypt between the surgery
> computer and the N3 gateway, some use offshore/US servers,
> and so on. End-to-end vnc/ssh is my preferred solution.
>
> So, what I was hoping was that someone here has already been
> through the pain, and found out how to apply to get through
> the gateway, or how to get through without finding someone to
> apply to...
>
> -Paul
>
>
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list


_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list