Enterprise edition - tunnelling through a VPN or SSH unnecessary??

S. I. Becker stewart "at" sibecker.co.uk
Sat Sep 30 15:41:00 2006 

VP wrote:
> Hi Stuart,
> 
> Does this mean that if you are using the latest _Enterprise_ edition of Real VNC 
> that tunnelling through a VPN or SSH connection becomes unnecessary?
> 
> Thanks
> 

Please reply to the group list, not to individuals.
</lecture>

I have never used RealVNC Enterprise or Personal editions, so the only 
information I can give you would come directly from RealVNC's web-site. 
  Try http://www.realvnc.com/products/features.html for a start.

RealVNC offer a trial on both Personal and Enterprise Editions, so you 
can find out for yourself if that will suit your needs before making a 
financial commitment.  The Enterprise and Personal editions of RealVNC 
offer built in encryption types, meaning that they CAN have encrypted 
connections IF YOU TELL THEM TO DO SO.  This would make the encryption 
offered by a VPN or an SSH connection unnecessary.  However, encryption 
is not the be-all and end-all of security.  There are other factors to 
consider about whether a system (like VNC) is "safe enough" to be used 
over the internet, for which you will have to make your own judgement.

HTH,

Stewart

> 
> At 08:58 PM 28-09-06, you wrote:
> 
>> Adrian Powell wrote:
>>
>>> Is Real VNC considered current safe enough (generally) to use across the
>>> internet ?.
>>
>>
>> Free edition: NO!  It is not encrypted, and although the password is checked 
>> securely, you can only have a password of a maximum length of 8 characters.  
>> Any keypresses (for typing passwords, etc.) you send within the session are 
>> send "in the clear."  Similarly, if the work you are doing on screen is 
>> sensitive, that is not encrypted.  However, you can tunnel VNC through a VPN 
>> or SSH connection.  Try googling "VNC and SSH HOWTO" or "VNC and VPN HOWTO" 
>> for details on how to go about this.
>>
>> It is my understanding that RealVNC Personal edition and Enterprise edition 
>> address these issues. There are also variants on different versions of RealVNC 
>> Free edition that have encryption added in, such as VeNCrypt, maintained by 
>> myself and Martin Koegler. See http://sourceforge.net/projects/vencrypt for 
>> details.
>>
>>> Googling for VNC exploits appears to imply that there have been many
>>> vulnerabilities
>>> in the past,  and having free source code available only compounds the
>>> security risk.
>>
>>
>> Open source does not make it any more/less secure than any other solution.  
>> Many security schemes are open, either from open source implementations or the 
>> algorithm is publicly known.  There is no security in hiding your method  - 
>> considerably less in fact, since that means fewer people can analyse the 
>> situation.  For example, ssh is open source but considered a very secure 
>> mechanism.
>>
>> Stewart Becker
>> _______________________________________________
>> VNC-List mailing list
>> VNC-List "at" realvnc.com
>> To remove yourself from the list visit:
>> http://www.realvnc.com/mailman/listinfo/vnc-list