Is VNC safe for remote control?

[Kent W. England [MVP]]

Any server is vulnerable to being attacked via its listening port. You
might change the port number to try to avoid specific VNC scans. Use a
strong password. But the vulnerability depends entirely on the quality
of VNC, which isn't very secure.

VNC is certainly more powerful than Remote Assistance. You can access
the remote system without requiring user intervention and you can reboot
the system and relogon, something Remote Assistance can't do.

From the FAQ for TightVNC:

How secure is TightVNC?

Although TightVNC encrypts passwords sent over the net, the rest of the
traffic is sent as is, unencrypted (for password encryption, VNC uses a
DES-encrypted challenge-response scheme, where the password is limited
by 8 characters, and the effective DES key length is 56 bits). So using
TightVNC over the Internet can be a security risk. To solve this
problem, we plan to work on built-in encryption in future versions of
TightVNC.

In the mean time, if you need real security, we recommend installing
OpenSSH, and using SSH tunneling for all TightVNC connections from
untrusted networks.

 

[walala]

Dear all,

I used RADMIN and got some "Nachi" virus warning and was checked by
our security personnel...(please see my previous post for details)

I cannot help thinking about using VNC instead of RADMIN.

I know there is no remote control program that is absolutely safe...
but is that true that VNC is at least safer than RADMIN?

And how to make it very safe? By downloading patches? Using SSH? But I
guess SSH cannot avoid the server being intruded and scanned, since
the port is always listening, right?

Can anybody tell me how to do that, because I realy don't want to
bother our security person always come to ask to check my PC and
unhook me from the Internet...

Thanks a lot

-Wlalal

 

[Andy Cowley]

No its not safe, and performancewise its poor. My advice would be Symantec
PC Anywhere. You can set access to specific passworded callers etc. Still
not absolutely secure but significantly better than VNC in every respect.

ANDY

 

[Kevin Boyle]

Why not use Remote Desktop if you are using Windows XP or 2000. Also, I use
Remote Administrator and have never had any problems, I have recently
changed to VNC, RealVNC and it is working fine, although as previously
stated performance is quite poor. I am going to change to Ultra@VNC which
improves performance but is no longer cross platform.

It depends if you want to spend money or not, I use remote desktp and vnc
because they are free, if you can justify the expenditure, I have heard good
reports about symantec.

 

[walala]

No its not safe, and performancewise its poor. My advice would be Symantec
PC Anywhere. You can set access to specific passworded callers etc. Still
not absolutely secure but significantly better than VNC in every respect.

ANDY

How about that RemoteDesktop in WINDOWSXP then?

-Walala

 

[walala]

No its not safe, and performancewise its poor. My advice would be Symantec
PC Anywhere. You can set access to specific passworded callers etc. Still
not absolutely secure but significantly better than VNC in every respect.

ANDY

Hi, Andy,

How about the remoteassistance and remote desktop in WINDOWXP then? Is
that safer? What patches shall I put on if I am going to turn to this
one?

Thanks a lot,

-Walala

 

[purplehaz]

Vnc(or remote administration programs that are similiar) can be encrytpted
if your using the right programs. PC anywhere has always, and as far as I
know still does, pass its password in plain text format to the host computer
when you try to connect. Anyone viewing that packet could get your pc
anywhere password.

 

[purplehaz]

Andy Cowley <[email protected]> wrote in message

Hi, Andy,

How about the remoteassistance and remote desktop in WINDOWXP then? Is
that safer? What patches shall I put on if I am going to turn to this
one?

Remote desktop and assistance are both secure enough for normal remote
control use. I wouldn't use it on a computer with confidential trade
secrects, but your home or work computer is fine. Your firewall
configuration can secure the connection attemps even more and changing the
default remote desktop port is also a goos idea.

 

[Kevin Weilbacher]

And I would offer exactly the opposite suggestion -- I would never put PC
Anywhere on a computer, especially a business computer. VNC on the other
hand, in conjuction with using VPN to establish a remote conneciton, works
great for me. Why? PCA is way to intrusive for my liking. VNC, on the other
hand, is small and appears to not affect other services. I even run it on my
servers, so I can access them remotely.

As to performance, some versions of VNC are a bit better at video refresh
than others. Check out TightVNC and UltraVNC. In all cases, the price is
right - free.
-kw

 

[Curtis Reynolds]

No its not safe, and performancewise its poor. My advice would be Symantec
PC Anywhere. You can set access to specific passworded callers etc. Still
not absolutely secure but significantly better than VNC in every respect.

Andy,

As for performance.....you need a better stopwatch. PCA's performance is
awful....and extremely hard on sys resources and other services. I also
believe PCA _STILL_ sends it's password in clear text.

IMHO
CR

ANDY

On 30 Oct 2003 22:04:19 -0800, walala <[email protected]> wrote:

[ snip ]
Walala,

VNC is fine. SSH is no more "open" because it's always listening than
anything else is. If you are using PCA over TCP/IP, it's still always
listening on it's inbound port. If you are using VNC without SSH, it's
always listening on 5900 (and I think it's 5800 for java based). If you
aren't already behind a firewall, you always listening on many ports that
are open to the internet. SSH _IS_ at least more secure thans without it.

And quite frankly, IMHO, in terms os it's performance is one of the best
remote control apps out there.

AND IT'S FREE.
IMHO
CR

 

[Lanwench [MVP - Exchange]]

VPN and Remote Desktop?