[windows2000] Re: VNC

  • From: "Tony Lyne" <Tony.Lyne@xxxxxxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 20 Aug 2004 09:47:07 +1200

Did V4 fix the problems with the fixed key?

Tony Lyne
Senior Systems Engineer 
Computerland Central 
P O Box 1470 
PALMERSTON NORTH
Telephone (+64) 06 3537300
Facsimile (+64) 06 3566800
Mobile (+64) 0274 720696
E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx
Internet http://www.computerland.co.nz
CAUTION: This e-mail message and accompanying data may contain information that 
is confidential and subject to privilege. If you are not the intended 
recipient, you are notified that any use, dissemination, distribution or 
copying of this message or data is prohibited. If you have received this e-mail 
in error, please notify me immediately and delete all material pertaining to 
this e-mail. Thank you.
 




-----Original Message-----
From: Moby [mailto:moby@xxxxxxxxxxxxxx] 
Sent: Friday, 20 August 2004 9:19 a.m.
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VNC

As always, workarounds are available :)

-  Version 4 does not have the limitation of using only the first eight 
characters of the password.

-  Sessions are unencrypted because it is easy to run VNC in an SSH tunnel. 
Abundant documentation about this with almost step by step instructions can be 
had at their web site.

-  Use the latest version, version 4

--Moby

They that can give up essential liberty to obtain a little temporary safety 
deserve neither liberty nor safety.  -- Benjamin Franklin

First they came for the Jews and I did not speak out because I was not a Jew.
Then they came for the Communists and I did not speak out because I was not a 
Communist.
Then they came for the trade unionists and I did not speak out because I was 
not a trade unionist.
Then they came for me and there was no one left to speak out for me.  -- 
Pastor Martin Niemöller


Tony Lyne wrote:
> With regards to VNC there are a few security implications which you should be 
> aware of before you install it.
> 
> - Passwords are easily brute forced. Apparently it only uses the first 8 
> characters for the password and discards the rest.
> 
> - By default, sessions are unencrypted so be careful. And the source code is 
> apparently widely available on the web for VNC.
> 
> - Some versions of VNC used a fixed key for its 3DES encryption. So it 
> would be easy to figure out the password via a password cracker. Passwords 
> are also stored in the registry so they are easy to extract. 
> 
> 
> Tony Lyne
> Senior Systems Engineer 
> Computerland Central 
> P O Box 1470 
> PALMERSTON NORTH
> Telephone (+64) 06 3537300
> Facsimile (+64) 06 3566800
> Mobile (+64) 0274 720696
> E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx
> Internet http://www.computerland.co.nz
> 
> -----Original Message-----
> From: Daryl Ehrenheim [mailto:d.ehrenheim@xxxxxxxxxxxx] 
> Sent: Friday, 20 August 2004 6:59 a.m.
> To: 'windows2000@xxxxxxxxxxxxx'
> Subject: [windows2000] Re: VNC
> 
> It doesn't work the same as PCanywhere that I am aware of. You don't quite
> have the ability to lockout each user, however, you could assign each user a
> password that is specific to their machine only. Each VNC server allows you
> to assign a different password. Then just let that user know the password
> and be sure that they don't give it away to someone else in the
> organization. 
> 
> I use RealVNC and it is working fine for my purposes.
> 
> Daryl 
> 
> -----Original Message-----
> From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx] 
> Sent: Thursday, August 19, 2004 10:53 AM
> To: windows2000@xxxxxxxxxxxxx
> Subject: [windows2000] Re: VNC
> 
> What I am concerned about is that I would rather make sure I can specify by
> user who has logon privileges. I am not familiar with the app. But I
> remember from PCAnywhere that you can set logon privileges by even using
> domain authentication. Is something similar possible with VNC at all?
> 
> Christoph 
> 
> -----Original Message-----
> From: windows2000-bounce@xxxxxxxxxxxxx
> [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Jensen, Douglas
> Sent: Thursday, August 19, 2004 11:35 AM
> To: windows2000@xxxxxxxxxxxxx
> Subject: [windows2000] Re: VNC
> 
> The security will be provided by the VPN security you set up.
> 
> After that, the person has to know the computer name or IP address of the
> computer and the VNC password and then the network user name and password to
> log in to the computer.
> 
> Seems to me that as long as you allow a VPN into the network, you are not
> exposing much more risk.
> 
> It seems like the same security risk as allowing a VPN to the network and
> then a Terminal Server session.
> 
> Douglas Jensen
> Douglas.Jensen@xxxxxxxxxxxxx
> Voice (952) 402-9821
> Fax    (952) 402-9815
> Network Administrator
> Scott Carver Dakota CAP Agency, Inc.
> 712 Canterbury Road
> Shakopee, MN 55379
> www.capagency.org
> 
> 
> -----Original Message-----
> From: Puetz, Christoph (TH USA) [mailto:christoph.puetz@xxxxxxxxxxx]
> Sent: Thursday, August 19, 2004 12:28 PM
> To: windows2000@xxxxxxxxxxxxx
> Subject: [windows2000] VNC
> 
> Some folks here want to use VNC for remote access to their machines (after
> connecting to the network via VPN). I am concerned about security. And as I
> am not that familiar with VNC - can it be locked down and controlled from an
> administrative point of view? 
> 
> Which version would be preferred from a security standpoint? As an example -
> I see TightVNC and VNC.
> 
> Any feedback would be appreciated.
> 
> Christoph

********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
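
The SSH-tunnel approach mentioned in the thread only protects the session if the VNC server cannot also be reached directly, so a useful check is whether any VNC listener is bound to a non-loopback address. The script below is an added example, not part of the original posts; it assumes Windows `netstat -an` output and the conventional VNC ports (5900-5909 for displays, 5800-5809 for the Java viewer), and the sample output is constructed.

```python
import re

# Assumption: conventional VNC ports. 5900+N serves display N,
# 5800+N serves the built-in HTTP/Java viewer.
VNC_PORTS = set(range(5900, 5910)) | set(range(5800, 5810))

# Loopback addresses as netstat prints them (IPv4 127/8 and IPv6 ::1).
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|\[::1\])$")


def exposed_vnc_listeners(netstat_output):
    """Return (address, port) for VNC listeners reachable from off-host."""
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # TCP rows are: Proto, Local Address, Foreign Address, State.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[1].rpartition(":")
        if not port.isdigit() or int(port) not in VNC_PORTS:
            continue
        if not LOOPBACK.match(addr):
            findings.append((addr, int(port)))
    return findings


# Constructed sample of `netstat -an` output, for illustration only.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:5800      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      192.168.1.5:5900       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    for addr, port in exposed_vnc_listeners(SAMPLE_NETSTAT):
        print(f"VNC listener reachable without the tunnel: {addr}:{port}")
```

A listener on `127.0.0.1` is what a tunnel-only setup should show; anything bound to `0.0.0.0` or a LAN address accepts unencrypted sessions directly.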
