Security and compliance
With great power comes responsibility. Our software is built from the ground up with security in mind, so you can balance the access and control you need with the complete privacy that regulations require.
Our fundamental security principles
You don't have to trust RealVNC as a company to trust our solutions and services
We do not store your session data, and it cannot be decrypted now or in the future
Every connection is treated as though made in a hostile environment
The remote computer ultimately decides who is able to connect
Security features of the VNC SDK
For equivalent information for VNC Connect, please see this page.
Whether you connect devices via RealVNC’s VNC Cloud service or directly over a LAN, end-to-end 128-bit AES encryption is mandatory, and can be upgraded to 256-bit.
Perfect forward secrecy
Every connection uses the latest version of RealVNC’s proprietary RFB 5 protocol, so sessions cannot be decrypted now or in the future, by RealVNC or anyone else.
VNC Cloud automatically verifies each endpoint’s identity using 2048-bit RSA keys, to prevent MITM attacks. For direct connections, you can implement identity verification yourself.
If you connect devices using the VNC Cloud service, there’s no need to port forward routers or open holes in firewalls.
Secure HTTPS communication
All communications with VNC Cloud use HTTPS, with TLS certificates checked against well-known CAs.
The SDK automatically prompts connecting users for credentials out of the box. You can implement multiple additional factors of authentication yourself.
By default, connecting users who fail to authenticate properly are blacklisted, to deter brute-force, dictionary and DoS attacks. It’s easy to configure frequency and timeouts.
Make connected users view-only, or restrict their ability to exercise control or copy and paste text, either before or mid-session.
Send any quality or quantity of connection metadata to a destination provided by the VNC SDK, or to a custom location.
<Your security feature here>
It’s easy to write code to filter out direct connections from particular IP addresses, prompt computer owners to verify connecting users, and more.