VNC security

[James Weatherall]

Bernard,

> Alternatively it's possible to configure VNC to only accept 
> connections 
> from localhost. This requires a VPN to be set up between the 
> remote and 
> local machines. That can use any type of encryption your IT 
> guys think 
> is required. Even if the blackhats sniff the network traffic it won't 
> get them in. As a former IT guy I prefer this approach.

You would configure VNC to accept connections only from localhost if you
were tunnelling via something like SSH, not when accessing systems via a
VPN.

A VPN will typically appear to the two computers as a distinct network
interface, through which the other computer is accessible.  This is
*precisely* the sort of configuration that Mike *deosn't* want, since it
means that the two computers are effectively then exposed to each other
directly, and viruses can easily propagate using security loop-holes such as
those often found in Windows File Sharing.

Regards,

Wez @ RealVNC Ltd.