Security and compliance

With great power comes responsibility. Our software is built from the ground up with security in mind, so you can balance the access and control you need with the complete privacy regulations require.

Our fundamental security principles

Principle 1

You don't have to trust RealVNC as a company to trust our solutions and services

Principle 2

We do not store your session data, and it cannot be decrypted now or in the future

Principle 3

Every connection is treated as though made in a hostile environment

Principle 4

The remote computer ultimately decides who is able to connect

Security features of the VNC SDK

For equivalent information for VNC Connect, please see this page.

Developer Features V icon

Mandatory encryption

Whether you connect devices via RealVNC’s VNC Cloud service or directly over a LAN, end-to-end 128-bit AES encryption is mandatory.

Developer Security PFS icon

Perfect forward secrecy

Every connection uses the latest version of RealVNC’s proprietary RFB 5 protocol, so sessions cannot be decrypted now or in the future, by RealVNC or anyone else.

Developer Security ID icon

Identity checking

VNC Cloud automatically verifies each endpoint’s identity using 2048-bit RSA keys, to prevent MITM attacks. For direct connections, you can implement identity verification yourself.

Developer Security NAT icon

NAT traversal

If you connect devices using VNC Cloud service, there’s no need to port forward routers or open holes in firewalls.

Developer Security HTTPS icon

Secure HTTPS communication

All communications with VNC Cloud use HTTPS, with TLS certificates checked against well-known CAs.

Developer Security UP icon

Username/password authentication

The SDK automatically prompts connecting users for credentials out-of-the-box. You can implement multiple additional factors of authentication yourself.

Developer Security Blacklist icon

Automatic blacklisting

By default, connecting users who fails to authenticate property are backlisted, to deter brute-force, dictionary and DoS attacks. It’s easy to configure frequency and timeouts.

Developer Security Perms icon

Session permissions

Make connected users view-only, or restrict their ability to exercise control or copy and paste text, either before or mid-session.

Developer Security Log icon

Audit logging

Send any quality or quantity of connection metadata to a destination provided by the VNC SDK, or to a custom location.

Developer Security Custom icon

<Your security feature here>

It’s easy to write code to filter out direct connections from particular IP addresses, prompt computer owners to verify connecting users, and more.

Resources for the VNC SDK

For equivalent resources for VNC Connect, please see this page.

Developer Security Whitepaper icon

Security whitepaper

An overview of the features, policies and controls that keep your computers and data protected wherever you are.

Download PDF
rfb test

RFB 5 security analysis

An analysis of the security aspects of the latest version of the RFB protocol, from our in-house Security team.

Download PDF
mfa resource

PCI DSS compliance

Learn how to enjoy the benefits of remote access without sacrificing PCI DSS compliance.

Download PDF
privacy resource

HIPAA compliance

Learn how to enjoy the benefits of remote access without sacrificing HIPAA compliance.

Download PDF

Need more information?

Get in touch if you want to speak to a member of our Security team.

Contact us
×