WHAT ARE THE ISSUES ABOUT X-WINDOWS THROUGH A FIREWALL?
X-Windows is a very useful system, but it unfortunately has some major security flaws. Remote systems that can gain or spoof access to a workstation s X display can monitor a user s keystrokes and download copies of the contents of their windows. Although attempts have been made to overcome problems for example, MIT “Magic Cookie” it is still entirely too easy for an attacker to interfere with a user s X display. Most firewalls block all X traffic. Some permit X traffic through application proxies such as the DEC CRL X proxy (FTP crl.dec.com). The TIS FWTK includes a proxy for X, called x-gw, which a user can invoke via the Telnet proxy, to create a virtual X server on the firewall. When a user requests an X connection on the virtual X server, the user is presented with a pop-up menu asking whether it is OK to allow the connection. Although this setup is a little unaesthetic, it s entirely in keeping with the rest of X.
