Security features

VNC Connect is designed with security in mind, to ensure your remote access experience is safe.

For more information, download our security white paper and RFB 5 protocol summary.

Security features built into VNC Server and VNC Viewer

| Security feature | Benefit | Subscription | Available? | Notes |
|---|---|---|---|---|
| Multiple authentication schemes | Password-protects VNC Server to prevent unauthorized access. | Enterprise | YES (three schemes) | Choose from system authentication (the default), single sign-on, or VNC password (that is, a password specific to VNC Server). |
| | | Professional | YES (two schemes) | Choose from system authentication or VNC password. |
| | | Home | YES (one scheme) | Only VNC password is available. |
| Encrypted connections | Prevents malicious entities able to intercept network traffic from deciphering or tampering with packets. | Enterprise | YES | 128-bit AES by default. Upgradeable to 256-bit AES. |
| | | Professional | YES | 128-bit AES. |
| | | Home | YES | |
| Memorable catchphrases | Allows connecting VNC Viewer users to verify a unique VNC Server identity, to ensure the actual destination is the intended one and not a man-in-the-middle. | Enterprise | YES | |
| | | Professional | YES | |
| | | Home | YES | |
| Lock down using policy | Prevents users configuring VNC Server. | Enterprise | YES | |
| | | Professional | NO | |
| | | Home | NO | |
| VNC permissions | Restricts remote control features to particular VNC Viewer users while connections are in progress. | Enterprise | YES | |
| | | Professional | YES | |
| | | Home | NO | |
| Blacklisting | Bars VNC Viewer users who fail to authenticate properly, deterring port scanning and brute-force attacks. | Enterprise | YES | |
| | | Professional | YES | |
| | | Home | YES | |
| IP address filtering | Prevents direct connections from computers with particular IP addresses. | Enterprise | YES | |
| | | Professional | NO | |
| | | Home | NO | |
| Screen blanking | Protects the privacy of VNC Viewer users by blanking the screen of the VNC Server computer while connections are in progress. | Enterprise | YES | Windows 7 and earlier only. |
| | | Professional | YES | |
| | | Home | YES | |
| Gatekeeping | Enables a VNC Server user (or an already-connected VNC Viewer user) to approve or reject other users attempting to connect. | Enterprise | YES | |
| | | Professional | YES | |
| | | Home | YES | |
| View-only connections | Prevents interaction by connected VNC Viewer users. | Enterprise | YES | VNC Server permissions can be used to make connections view-only for particular VNC Viewer users on a case-by-case basis. |
| | | Professional | YES | |
| | | Home | YES | Either all connections are view-only, or none are. |
| Idle timeout | Terminates non-responsive connections. | Enterprise | YES | |
| | | Professional | YES | |
| | | Home | YES | |
| Exclusive access | Allows only one VNC Viewer user to connect to VNC Server at a time. | Enterprise | YES | |
| | | Professional | YES | |
| | | Home | YES | |
| Audit logging | Records connection attempts, whether successful or not. | Enterprise | YES | |
| | | Professional | YES | |
| | | Home | YES | |
| Signed binaries | Identifies RealVNC Ltd. | Enterprise | YES | Windows only. |
| | | Professional | YES | |
| | | Home | YES | |

Security policy for RealVNC’s online systems and services

From August 2016, you can create a RealVNC account and sign in to both VNC Server and VNC Viewer in order to automatically discover remote computers, seamlessly connect, and back up and sync your address book between devices.

The following policies, technologies and controls apply to RealVNC’s online systems and services:

  • The following data is securely backed up and synced for each connection to a remote computer: any friendly name, any per-connection settings, the username you authenticate to VNC Server with, VNC Server’s cryptographic signature, the remote computer’s IP address or hostname and MAC address and, optionally, a desktop preview.

    Note that the remote access password (that is, the password you authenticate to VNC Server with, that you’ve asked VNC Viewer to remember) is not backed up and synced. Under Windows, remote access passwords are encrypted with your system login credentials, and under Mac, using a key stored in the OS X keychain. Under Linux, remote access passwords are obfuscated on the file system, and protected by file system permissions; we additionally recommend using the VNC Viewer File > Preferences > Privacy menu option to set a master password under Linux.

  • Communications with RealVNC’s account management services are secured with HTTPS, using a strong encryption protocol (TLS 1.2) and cipher suite. The public keys of all certificate authorities are pinned using a whitelist.

  • Account passwords are stored using bcrypt hashes with a random salt.

  • All session data sent during a remote control session between VNC Viewer and VNC Server (including remote access passwords) is end-to-end encrypted using modern ciphers. These sessions are protected by perfect forward secrecy and cannot be decrypted by RealVNC now or in the future.

  • RealVNC servers are located in data centers which meet today’s strict industry certification and audit requirements.

  • Use of your data is governed by our privacy policy.

  • Access to live services is restricted to authorized employees only.

  • RealVNC’s dedicated security team is integrated into all stages of the software development lifecycle.

  • Services are regularly patched and their configuration reviewed to ensure the latest industry-standard protections are in place.

  • Industry trends are constantly monitored in order to evaluate and update security.
