We have a VPS / Bare-metal server rented on a data-center and we access them over internet through user ID and password. It is running CentOS 7. That is direct access and there's no VPN in between. We access GNOME desktop environment directly through VNC client/Nomachine client. The VPS/Bare-metal has VNC-server and NX-server running.
We want to have a secure environment for outsiders to work so that -
a) Nobody can copy code from inside desktop environment (vim or other editor) to outside client machine.
b) There's no internet access from insider VPS, so that a code can't be copied over to internet.
c) SSH is disabled (This is achieved) Of course for root/su users, the SSH and internet access is open.
Is there a way we can achieve this with VNC and IPTABLES etc. Plz note the direct inbound VNC access over internet to be intact. We don't own/rent any other machine on same LAN through which we can route traffic.
The idea is to block here direct code copy from a text editor or bulk transfer through net. HOwever as long as somebody is working on a shared screen they can still screen capture run OCR or at least take it through a mobile phone etc device and run image to text. The point is making things difficult than having 1K/10K/100K/1M lines of code copied just like that.
