Security Basics mailing list archives
Re: pcAnywhere question
From: "Michael Puchol" <mpuchol () sonar-security com>
Date: Thu, 2 Dec 2004 23:57:25 +0100
Hi,

Just make sure you are talking about the Enterprise version of RealVNC, which does have AES, and authentication of server and viewer. The standard VNC protocol is non-encrypted, and the password security is laughable. In TightVNC implementations you type a password over 8 characters at the server configuration, and you are nicely reminded that only the first 8 characters will be used anyway.

I run TightVNC over SSH2, which benefits from the extra compression the tunnel provides. I use strong auth at the SSH2 stage, with other filtering added at lower layers, so it's pretty safe that way.

Best regards,

Mike

----- Original Message -----
From: "Stephane Auger" <stephaneauger () pre2post com>
To: "Brian Bemis" <brian_bemis () hotmail com>; <security-basics () securityfocus com>
Sent: Wednesday, December 01, 2004 8:46 PM
Subject: RE: pcAnywhere question

Hi,

I'm using Remote Desktop to manage my Windows XP clients and Windows 2000/2003 servers. It runs pretty good, but we have VPNs set up for when we connect. The encryption in Terminal Services, in my opinion, is good but a VPN's always the best solution, and adds almost no overhead.

A second nice solution is VNC (www.realvnc.com), which projects the desktop as if you were locally connected, unlike Terminal Services which is a remote session.

I usually have both enabled. That way, I used remote desktop, and if I need to do something "locally", or TS crashes, VNC's available as a backdoor. VNC also has encryption and password protection.

Stephane Auger

-----Original Message-----
From: Brian Bemis [mailto:brian_bemis () hotmail com]
Sent: December 1, 2004 12:58 PM
To: 'Shawn Wall'; 'Ivan C'
Cc: security-basics () securityfocus com
Subject: RE: pcAnywhere question

To add on to (or branch off from) this question, does anyone have any experience with WindowsXP Remote Desktop? Any specific security concerns with this built-in software?

I've read that you can increase the encryption to 128-bit, but by just doing this is it sufficient enough or is a VPN also necessary in this situation?

Brian

-----Original Message-----
From: Shawn Wall [mailto:sjwall () shaw ca]
Sent: Monday, November 29, 2004 10:04 PM
To: 'Ivan C'
Cc: security-basics () securityfocus com
Subject: RE: pcAnywhere question

If you must use PCAnywhere, use it through a VPN. MS W2K has native support for PPTP.

shawn

-----Original Message-----
From: Ivan C [mailto:incman () hotmail com]
Sent: Sunday, November 28, 2004 5:05 PM
To: security-basics () securityfocus com
Subject: pcAnywhere question

Hi All,

Looking at deploying pcAnywhere on the internet facing interface of a windoz 2000 server for remote management and would like any feed back as to:

- the vulnerabilities of the pcanywhere application
- can the login be brute forced

any other feedback is appreciated

Thanks
Henry
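The 8-character limit mentioned in the first message of this thread comes from how classic VNC authentication (RFB security type 2, RFC 6143 section 7.2.2) builds its DES key. The following is an added example, not code from any poster or from a VNC project; the function names are hypothetical, and the bit mirroring reflects the behaviour of common VNC implementations rather than anything stated in the thread.

```python
"""Added illustration: why a long VNC password is no stronger than its first 8 characters."""


def vnc_des_key(password: str) -> bytes:
    """Derive the 8-byte DES key used for the VNC challenge-response.

    The password is truncated to 8 bytes, padded with NULs, and each byte
    has its bit order mirrored before being used as the DES key.
    Assumes a password representable in latin-1.
    """
    raw = password.encode("latin-1")[:8].ljust(8, b"\x00")
    return bytes(int(f"{b:08b}"[::-1], 2) for b in raw)


def effective_key(key: bytes) -> bytes:
    """DES ignores the low (parity) bit of every key byte: 56 usable bits.

    After mirroring, that ignored bit is the original top bit of each
    character, so only 7 bits per character contribute.
    """
    return bytes(b & 0xFE for b in key)


def same_vnc_secret(a: str, b: str) -> bool:
    """True when two passwords authenticate identically to a VNC server."""
    return effective_key(vnc_des_key(a)) == effective_key(vnc_des_key(b))


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    samples = [
        ("CorrectHorseBattery", "CorrectH"),  # differ only after char 8
        ("abc", "abd"),                       # differ inside first 8
    ]
    for a, b in samples:
        print(f"{a!r} vs {b!r}: equivalent={same_vnc_secret(a, b)}")
    print("key for 'password':", vnc_des_key("password").hex())
```

This is why the replies recommend carrying VNC inside SSH or a VPN: the strength of the session then rests on the tunnel's authentication, not on a secret of at most 56 bits.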