With regards to VNC there are a few security implications which you should be aware of before you install it. - Passwords are easily brute forced. Apparently it only uses the first 8 characters for the password and discards the rest. - By default, sessions are unencrypted so be careful. And the source code is apparently widely available on the web for VNC. - The Some versions of VNC used a fixed key for its 3DES encryption. So it would be easy to figure out the password via a password cracker. Passwords are also stored in the registry so they are easy to extract. Tony Lyne Senior Systems Engineer Computerland Central P O Box 1470 PALMERSTON NORTH Telephone (+64) 06 3537300 Facsimile (+64) 06 3566800 Mobile (+64) 0274 720696 E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx Internet http://www.computerland.co.nz CAUTION: This e-mail message and accompanying data may contain information that is confidential and subject to privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this e-mail in error, please notify me immediately and delete all material pertaining to this e-mail. Thank you. -----Original Message----- From: Daryl Ehrenheim [mailto:d.ehrenheim@xxxxxxxxxxxx] Sent: Friday, 20 August 2004 6:59 a.m. To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Re: VNC It doesn't work the same as PCanywhere that I am aware of. You don't quite have the ability to lockout each user, however, you could assign each user a password that is specific to their machine only. Each VNC server allows you to assign a different password. Then just let that user know the password and be sure that they don't give it away to someone else in the organization. I use RealVNC and it is working fine for my purposes. Daryl -----Original Message----- From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx] Sent: Thursday, August 19, 2004 10:53 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: VNC What I am concerned about is that I would rather make sure I can specify by user who has logon privileges. I am not familiar with the app. But I remember from PCAnywhere that you can set logon privileges by even using domain authentication. Is something similar possible with VNC at all? Christoph -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas Sent: Thursday, August 19, 2004 11:35 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: VNC The security will be provided by the VPN security you set up. After that, the person has to know the computer name or IP address of the computer and the VNC password and then the network user name and password to log in to the computer. Seems to me that as long as you allow a VPN into the network, you are not exposing much more risk. It seems like the same security risk as allowing a VPN to the network and then a Terminal Server session. Douglas Jensen Douglas.Jensen@xxxxxxxxxxxxx Voice (952) 402-9821 Fax (952) 402-9815 Network Administrator Scott Carver Dakota CAP Agency, Inc. 712 Canterbury Road Shakopee, MN 55379 www.capagency.org -----Original Message----- From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx] Sent: Thursday, August 19, 2004 12:28 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] VNC Some folks here want to use VNC for remote access to their machines (after connecting to the network via VPN). I am concerned about security. And as I am not that familiar with VNC - can it be locked down and controlled from an administrative point of view? Which version would be preferred from a security standpoint? As an example - I see TightVNC and VNC. Any feedback would be appreciated. Christoph ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm