RE: vnc server

["Brent P. Gardner" <brent.gardner () gmail com>]

> -----Original Message-----
> From: Jared Lyvers [mailto:jared () lewiscommunications com] 
> Sent: Sunday, January 22, 2006 8:09 PM
> To: security-basics () securityfocus com
> Subject: vnc server
>
>
> First off, sorry Simon.  I ment to send this to the list but 
> sent it to only you instead.
>
> Now, on to my real question.
>
> I'm looking to use VNC on my windows machine for remote 
> logins.  Currently I only have the following open ports:
>
> 25/tcp   open   smtp
> 80/tcp   open   http
> 113/tcp  closed auth
> 1352/tcp open   lotusnotes
> 5902/tcp open   vnc-2
> 5903/tcp open   vnc-3
> 8080/tcp open   http-proxy
>
> Are there any security problems that I may be over looking by 
> using VNC on my machine?
>
> Regards,
>
> JL
>
> -- 
>
> // Jared Lyvers
> // -----------------------
> // Director of Interactive
> // Director of IT
> // LPI Certified
> // -----------------------
> // www.lewiscommunications.com

By default VNC is unencrypted.  Some flavors have encryption options.  I've
tried only one of these but haven't been able to get it to work properly.  I
have, however, had great success with running VNC over SSL-encrypted tunnels via
stunnel.

Brent Gardner



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------