VNC and Security
tgray@adacplastics.com
tgray "at" adacplastics.com
Wed, 09 Feb 2000 01:28:41 +0000
Considering the feature of being able to lock the server down with
registry keys (if you're running WinVNC, other ways for other OS's)
one should be able to feel reasonably secure against external
intrusion using VNC by just locking VNC down to the internal IPs
that are used. Should an intruder somehow spoof an internal IP
address on your network, then it's kind of obvious that they are
already in... VNC wouldn't be the first thing to worry about.
I won't mention the poor passwords in use, I think that deceased
equine has been adequately flogged.
On 7 Feb 00, you wrote:
> The systems at the non-profit organization are all vulnerable to a
> dictionary attack: user names and passwords are alpha (not numeric),
> and generally names: Mary, Tim, Ron.
>
> The system administrator claims that VNC is a security risk in this
> environment. Your comment?
>
> Your email reply will provide valuable documentation.
>
> Phil Webster
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list to
> majordomo "at" uk.research.att.com See also:
> http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
>
>
"If you don't think life is interesting,
you're not paying enough attention." me, 1987-ish.
--Tim Gray
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------