[windows2000] Re: VNC

  • From: "Tony Lyne" <Tony.Lyne@xxxxxxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 20 Aug 2004 09:06:25 +1200

With regards to VNC there are a few security implications which you should be 
aware of before you install it.

- Passwords are easily brute forced. Apparently it only uses the first 8 
characters for the password and discards the rest.

- By default, sessions are unencrypted so be careful. And the source code is 
apparently widely available on the web for VNC.

- The Some versions of VNC used a fixed key for its 3DES encryption. So it 
would be easy to figure out the password via a password cracker. Passwords are 
also stored in the registry so they are easy to extract. 


Tony Lyne
Senior Systems Engineer 
Computerland Central 
P O Box 1470 
PALMERSTON NORTH
Telephone (+64) 06 3537300
Facsimile (+64) 06 3566800
Mobile (+64) 0274 720696
E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx
Internet http://www.computerland.co.nz
CAUTION: This e-mail message and accompanying data may contain information that 
is confidential and subject to privilege. If you are not the intended 
recipient, you are notified that any use, dissemination, distribution or 
copying of this message or data is prohibited. If you have received this e-mail 
in error, please notify me immediately and delete all material pertaining to 
this e-mail. Thank you.
 




-----Original Message-----
From: Daryl Ehrenheim [mailto:d.ehrenheim@xxxxxxxxxxxx] 
Sent: Friday, 20 August 2004 6:59 a.m.
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Re: VNC

It doesn't work the same as PCanywhere that I am aware of. You don't quite
have the ability to lockout each user, however, you could assign each user a
password that is specific to their machine only. Each VNC server allows you
to assign a different password. Then just let that user know the password
and be sure that they don't give it away to someone else in the
organization. 

I use RealVNC and it is working fine for my purposes.

Daryl 

-----Original Message-----
From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx] 
Sent: Thursday, August 19, 2004 10:53 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VNC

What I am concerned about is that I would rather make sure I can specify by
user who has logon privileges. I am not familiar with the app. But I
remember from PCAnywhere that you can set logon privileges by even using
domain authentication. Is something similar possible with VNC at all?

Christoph 

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas
Sent: Thursday, August 19, 2004 11:35 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VNC

The security will be provided by the VPN security you set up.

After that, the person has to know the computer name or IP address of the
computer and the VNC password and then the network user name and password to
log in to the computer.

Seems to me that as long as you allow a VPN into the network, you are not
exposing much more risk.

It seems like the same security risk as allowing a VPN to the network and
then a Terminal Server session.

Douglas Jensen
Douglas.Jensen@xxxxxxxxxxxxx
Voice (952) 402-9821
Fax    (952) 402-9815
Network Administrator
Scott Carver Dakota CAP Agency, Inc.
712 Canterbury Road
Shakopee, MN 55379
www.capagency.org


-----Original Message-----
From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx]
Sent: Thursday, August 19, 2004 12:28 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] VNC

Some folks here want to use VNC for remote access to their machines (after
connecting to the network via VPN). I am concerned about security. And as I
am not that familiar with VNC - can it be locked down and controlled from an
administrative point of view? 

Which version would be preferred from a security standpoint? As an example -
I see TightVNC and VNC.

Any feedback would be appreciated.

Christoph
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out
our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out
our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm


********************************************************
This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out
our games to relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts: