VNC security

[James Weatherall]

Mike,

Neither worms nor viruses can propagate via a VNC connection, since the
protocol contains no scripting or executable elements.

The main issues with opening a firewall  to allow VNC access are to do with
session snooping, tampering and impersonation attacks, which are pretty
rare.  VNC Enterprise and Personal Editions (http://www.realvnc.com) have
in-built security to protect from such attacks, or you can tunnel your VNC
connections via a secondary protocol such as SSH.

Regards,

Wez @ RealVNC Ltd.


> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com 
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of mbrown
> Sent: 16 August 2005 20:04
> To: vnc-list "at" realvnc.com
> Subject: VNC security
> 
> We are behind a firewall, but want to get VNC to allow consultants we
> trust to have remote access to our computers (and vice versa).  Past
> posts to this list convinced me that opening a port in the 
> firewall for
> specific users is a secure activity, but our IT guys are now 
> saying that
> it doesn't necessarily protect our systems from worms or viruses that
> may already inhabit the trusted user's computers.
> 
> Does anyone have a response to this?  It seems logical.  Would we want
> to require that any remote user that traverses our firewall 
> via VNC have
> an acceptable virus scan before doing so?  Are there particular VNC
> products that would be best for both us and our clients?  Can our
> clients use the free version?
> 
> 
> Mike Brown
> Salt Lake City
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list