Kent W. England [MVP]
Any server is vulnerable to being attacked via its listening port. You
might change the port number to try to avoid specific VNC scans. Use a
strong password. But the vulnerability depends entirely on the quality
of VNC, which isn't very secure.
VNC is certainly more powerful than Remote Assistance. You can access
the remote system without requiring user intervention and you can reboot
the system and relogon, something Remote Assistance can't do.
From the FAQ for TightVNC:
How secure is TightVNC?
Although TightVNC encrypts passwords sent over the net, the rest of the
traffic is sent as is, unencrypted (for password encryption, VNC uses a
DES-encrypted challenge-response scheme, where the password is limited
by 8 characters, and the effective DES key length is 56 bits). So using
TightVNC over the Internet can be a security risk. To solve this
problem, we plan to work on built-in encryption in future versions of
TightVNC.
In the mean time, if you need real security, we recommend installing
OpenSSH, and using SSH tunneling for all TightVNC connections from
untrusted networks.
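
The 8-character limit and 56-bit key mentioned in the FAQ, shown as an added example (not part of the original post or of TightVNC's code). It assumes the classic RFB "VNC Authentication" key preparation: the password is cut or null-padded to 8 bytes and each byte is bit-reversed before use as the DES key. The function names and sample passwords are constructed for illustration.

```python
"""Why a longer VNC password adds nothing: the DES key preparation step."""


def reverse_bits(byte: int) -> int:
    """Mirror the 8 bits of one byte (classic VNC does this to every key byte)."""
    return int(f"{byte:08b}"[::-1], 2)


def vnc_des_key(password: str) -> bytes:
    """Build the 8-byte DES key: truncate or null-pad to 8 bytes, mirror each byte."""
    # Assumption: one byte per character (Latin-1); other characters become '?'.
    raw = password.encode("latin-1", errors="replace")[:8].ljust(8, b"\x00")
    return bytes(reverse_bits(b) for b in raw)


def effective_key(key: bytes) -> bytes:
    """DES ignores the low (parity) bit of each key byte: 8 x 7 = 56 usable bits."""
    return bytes(b & 0xFE for b in key)


def same_vnc_secret(a: str, b: str) -> bool:
    """True when two passwords produce the same effective DES key."""
    return effective_key(vnc_des_key(a)) == effective_key(vnc_des_key(b))


def audit_password(password: str) -> dict:
    """Report how much of a chosen password actually reaches the key."""
    raw = password.encode("latin-1", errors="replace")
    return {
        "chars_ignored": max(0, len(raw) - 8),   # everything past byte 8
        "null_padding": max(0, 8 - len(raw)),    # short passwords are zero-filled
        # After mirroring, a character's top bit lands in the ignored parity bit.
        "high_bit_chars": sum(1 for b in raw[:8] if b & 0x80),
    }


if __name__ == "__main__":
    # Constructed sample passwords.
    for a, b in [("correcthorse", "correcth-anything"), ("abc", "abd"), ("é", "i")]:
        print(f"{a!r} vs {b!r}: same key = {same_vnc_secret(a, b)}")
    print(audit_password("correcthorse"))
```

Any two passwords that agree in their first 8 characters are interchangeable to the server, which is why the FAQ's advice to tunnel over SSH matters more than password length.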