Security and compliance

With great power comes responsibility. Our software is built from the ground up with security in mind, so you can balance the access and control you need with the complete privacy regulations require.

Our fundamental security principles

securitypage

You don't have to trust RealVNC as a company to trust our solutions and services

securitypage principal2

We do not store your session data, and it cannot be decrypted now or in the future

securitypage-principal3

Every connection is treated as though made in a hostile environment

securitypage principal

The remote computer ultimately decides who is able to connect

Security features of the VNC SDK

For equivalent information for VNC Connect, please see this page.

MandatoryEncrypction-Colour-width-184

Mandatory encryption

Whether you connect devices via RealVNC’s VNC Cloud service or directly over a LAN, end-to-end AES encryption up to 256-bit is mandatory.

Perfect forward secrecy

Every connection uses the latest version of RealVNC’s proprietary RFB 5 protocol, so sessions cannot be decrypted now or in the future, by RealVNC or anyone else.

PerfectForwardSecurity
IdentityChecking-Colour

Identity checking

VNC Cloud automatically verifies each endpoint’s identity using 2048-bit RSA keys, to prevent MITM attacks. For direct connections, you can implement identity verification yourself.

NAT traversal

If you connect devices using VNC Cloud service, there’s no need to port forward routers or open holes in firewalls.

NAT-Traversal-Colour
SecureHTTPS Communication Colour

Secure HTTPS communication

All communications with VNC Cloud use HTTPS, with TLS certificates checked against well-known CAs.

Username/password authentication

The SDK automatically prompts connecting users for credentials out-of-the-box. You can implement multiple additional factors of authentication yourself.

Username-PassordAuthentication-Colour
AutoBlacklisting-Colour

Automatic blacklisting

By default, connecting users who fails to authenticate property are blacklisted, to deter brute-force, dictionary and DoS attacks. It’s easy to configure frequency and timeouts.

Session permissions

Make connected users view-only, or restrict their ability to exercise control or copy and paste text, either before or mid-session.

SessionPermission-Colour
AuditLogging-Colour

Audit logging

Send any quality or quantity of connection metadata to a destination provided by the VNC SDK, or to a custom location.

Your security feature here…

It’s easy to write code to filter out direct connections from particular IP addresses, prompt computer owners to verify connecting users, and more.

YourSecurityFeatureHere-Colour

Resources for the VNC SDK

For equivalent resources for VNC Connect, please see this page.

DeveloperSecurityButton

Security whitepaper

An overview of the features, policies and controls that keep your computers and data protected wherever you are.

securitypage-resources-rfb-test

RFB 5 security analysis

An analysis of the security aspects of the latest version of the RFB protocol, from our in-house Security team.

securitypage

PCI DSS compliance

Learn how to enjoy the benefits of remote access without sacrificing PCI DSS compliance.

securitypage-resources-privacy-test

HIPAA compliance

Learn how to enjoy the benefits of remote access without sacrificing HIPAA compliance.

Need more information?

Get in touch if you want to speak to a member of our Security team.