Restricting Port 6000 access in Cygwin/X

public inbox for cygwin-xfree@sourceware.org
help / color / mirror / Atom feed

From: Kevin Brown <cre8tivspirit@live.com>
To: "cygwin-xfree@cygwin.com" <cygwin-xfree@cygwin.com>
Subject: Restricting Port 6000 access in Cygwin/X
Date: Mon, 09 Dec 2013 14:37:00 -0000	[thread overview]
Message-ID: <BAY178-W360DBF8F8D31BB19078A8881D30@phx.gbl> (raw)

My company recently sent an audit finding requesting for our Cygwin/X users with a finding of the following;

"The remote host is running an X11 server.  X11 is a client-server protocol that can be used to display graphical applications running on a given host on a remote client.   Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection."

The suggested solution was;

"Restrict access to this port. If the X11 client/server facility is not used, disable TCP support in X11 entirely (-nolisten tcp)."

My problem is that I haven't found any information that would help me accomplish this task. I've only recently taken over support of our Cygwin users and am not well versed in the software. Can this be done without breaking the functionality of the the software? If so, can you please advise on the steps to take to accomplish this?

Current version being used is 1.7.11-1.

Thanks,
Kevin E. Brown

Soli Deo Gloria! 		 	   		  
--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://x.cygwin.com/docs/
FAQ:                   http://x.cygwin.com/docs/faq/

next             reply	other threads:[~2013-12-09 14:37 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-09 14:37 Kevin Brown [this message]
2013-12-09 15:27 ` Jon TURNEY

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BAY178-W360DBF8F8D31BB19078A8881D30@phx.gbl \
    --to=cre8tivspirit@live.com \
    --cc=cygwin-xfree@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).