VNC and Security
Antonio Torres
antonio.torres "at" nspace.com.br
Tue, 08 Feb 2000 13:32:44 +0000
=C1s 11:46 PM 2/7/00 -0600, you wrote:
>The systems at the non-profit organization are all vulnerable to a=20
>dictionary attack: user names and passwords are alpha (not numeric), and=20
>generally names: Mary, Tim, Ron.
>
>The system administrator claims that VNC is a security risk in this=20
>environment. Your comment?
>
>Your email reply will provide valuable documentation.
>
>Phil Webster
ALL open conections to outside world *are* secutity risk !!!
The only metod to minimize risks (as I know) is using a good set=20
of rules on a firewall.
But firewall is for outside world conections.=20
If Your problem is *internal* security, You need a *good* internal=20
password policy.=20
Is impossible to be secure with users writing the passwords on=20
a 'post-it' and attaching them on monitor !
Antonio Torres
antonio.torres "at" nspace.com.br
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------