I am trying to “outsource” potentially dangerous applications such as web browsing to a separate Linux machine sitting in its own network segment and which is isolated by a rigorous network firewall from our internal network, thus I am trying to build a “remote-controlled browser”. Since I am in the early planning phase, I wonder which remote protocol to choose best for remote access to such a machine. I have to deal with a potentially malicious server and I want to protect the client (Windows or Linux) which accesses it.
Which remote control protocol would you recommend for a small attack surface? I can think at the moment of
- SPICE (from the proxmox hypervisor)
- NX (Nomachine)
- XPRA via HTML5
It is clear that the more lightweight a protocol is, the more suitable it is. However, I would prefer to be able to also stream video + audio over it (which might rule out some protocols).