Open source security measures?

James Weatherall jnw "at" realvnc.com
Mon Feb 13 10:18:01 2006 

Jorge,

I can understand your wanting to discourage misuse of licensed software, but
I am unclear as to how that relates to which edition of VNC to use, since
they're all licensed...

Cheers,

Wez @ RealVNC Ltd.
 

> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com 
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Jorge L. 
> Vizcarralagos
> Sent: 10 February 2006 20:33
> To: vnc-list "at" realvnc.com
> Subject: Open source security measures?
> 
> > Jorge,
> >
> > Current VNC Server releases include measures to prevent 
> brute-force attacks
> > against servers.  These prevent attackers from repeatedly 
> attempting to
> > connect to the server, trying to guess at the password, making it
> > *extremely* unlikely that the "attacker" in this case tried 
> connecting and
> > managed to guess your weak password - it's much more likely 
> that the person
> > connecting actually knew what the password would be.  Are 
> you sure that they
> > weren't simply one of the people that you had previously 
> been demoing to?
> >
> > We don't advise use of VNC Free Edition across the Internet 
> except via some
> > sort of secure tunnelling protocol.  VNC Enterprise & 
> Personal Editions have
> > in-built session security for this purpose.  All current 
> VNC Server releases
> > also support querying the local user to accept connections, which is
> > advisable if you are concerned that the password you are 
> using is weak or
> > widely known.
> 
> 
>     In the near future I would most likely purchase the Personal or 
> Enterprise editions of this program but for educational 
> purposes I would 
> still love to use open software since I discourage the misuse of 
> licensed software. I have been looking for other open source 
> programs, 
> such as SSH, Tunneling ect... that can be used in conjunction 
> with the 
> fee edition of VNC or other editions for that matter. What are your 
> opinions?  What would offer the best protection? What would sound the 
> most secure to clients wanting to work from home securely?     
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list