VPN and VNC
Wed Aug 28 17:55:01 2002
In general, correct. Over the VPN, 100% correct. The statement that VNC is
hackable is correct, and any hackable piece of software is generally frowned
on by us security folks, but if they can't get to the machine then they can't
hack VNC on the machine.
On Wednesday 28 August 2002 08:55, Robert Gillis wrote:
> One more question.
> We had an auditor in here the last few days (non-profit national org so
> we get the visits once a year) when he heard we were looking at vnc he
> said "it has a lot of holes and can be easily hacked". Is that so?
> I got the feeling that he just wanted to recommend his own solutions -
> my thought process is this - If I am running VNC internally - it is as
> secure as my network is. If I am running it across my VPN via NetScreen
> - it is as secure as my VPN. Is that the case? Or am I missing
> something here?
> Thanks again.
> -----Original Message-----
> From: firstname.lastname@example.org [mailto:email@example.com] On
> Behalf Of Beerse, Corni
> Sent: Wednesday, August 28, 2002 3:17 AM
> To: 'firstname.lastname@example.org'
> Subject: RE: VPN and VNC
> > -----Original Message-----
> > From: email@example.com
> > Hello - just getting into the VNC area, have a situation that I am
> > searching thru the archives for a possible solution to. I have several
> > users who come in on a VPN controlled by NetScreen firewall.
> > I have installed on one of the test machines the VNC server software.
> > When they attach via the LAN, I can run the client VNC and function
> > fine.
> > However, when they VPN in, they are unable to be reached. They can
> > browse the network, reach all resources - no issues there.
> > Just cannot
> > seem to reach them via the VNC client.
> First see if you can ping from the vncviewer machine to the vncserver
> machine. (if ping is passed through the firewall)
> For vnc, the major communication is for the rfb protocol on port 5900
> (add display number as display :4 is on 5904). See if you can telnet
> from the viewer machine to the server machine on port 5900 `telnet
> vncservermachine 5900`. This should give a message like "rfb xxx.yyy".
> > I thought perhaps I needed to change a firewall setting, but
> > since they
> > are now on the network - is that really needed?
> Yep, open the used port: 5900 + displaynumber for the rfb communication.
> VNC-List mailing list
M. I. S. Corp.
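
The reachability check described in the quoted reply (TCP port 5900 plus the display number, then look for the "rfb xxx.yyy" greeting), as an added Python example that is not part of the original thread. The function names are assumptions, and the code presumes the greeting is the 12-byte `RFB xxx.yyy\n` version string; it separates a dropped connection (firewall or VPN policy) from a refused one (no server on that display).

```python
import re
import socket

RFB_BASE_PORT = 5900                      # per the thread: 5900 + display number
BANNER_RE = re.compile(rb"RFB (\d{3})\.(\d{3})\n")   # 12-byte version greeting

def rfb_port(display):
    if display < 0:
        raise ValueError("display number must be >= 0")
    return RFB_BASE_PORT + display

def parse_banner(data):
    """Return (major, minor) from a server greeting, or None if it is not RFB."""
    m = BANNER_RE.fullmatch(data)
    return (int(m.group(1)), int(m.group(2))) if m else None

def read_banner(sock, timeout=3.0):
    """Read up to 12 greeting bytes from a connected socket; b'' if the peer is silent."""
    sock.settimeout(timeout)
    data = b""
    try:
        while len(data) < 12:
            chunk = sock.recv(12 - len(data))
            if not chunk:          # peer closed before sending a full greeting
                break
            data += chunk
    except socket.timeout:
        pass
    return data

def probe(host, display=0, timeout=3.0):
    """Classify the path to host:5900+display as seen from the viewer machine."""
    port = rfb_port(display)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return port, "refused: host reachable, nothing listening on this display"
    except socket.timeout:
        return port, "timeout: packets dropped, check the firewall/VPN policy"
    except OSError as exc:         # name resolution failure, no route, etc.
        return port, f"unreachable: {exc}"
    with sock:
        version = parse_banner(read_banner(sock, timeout))
    if version is None:
        return port, "connected, but the service did not send an RFB greeting"
    return port, "RFB %d.%d server answering" % version

if __name__ == "__main__":
    # "vncservermachine" is the placeholder host name used in the thread.
    print(probe("vncservermachine", display=0))
```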