Security Basics mailing list archives

Re: vnc server

From: Albert Gonzalez <incodeblood () gmail com>
Date: Mon, 23 Jan 2006 20:45:42 -0600

Hello,

If you are using weak-passwords that is always a security risk and not
just with VNC. I recommend wrapping VNC in stunnel, since VNC sends
the passwd in clear-text. If you can I also recommend filtering out
VNC to the IP's that you will be coming from (i.e. work, school,
etc..), if this isn't possible... a recent thing that people are
talking about is port-knocking, that might add an extra layer of
security (obscurity, if you will). So there are a few options that you
may want to use, to make things a bit more safer and you can sleep
better at night too..

HTH,

-Albert

On 1/22/06, Jared Lyvers <jared () lewiscommunications com> wrote:

First off, sorry Simon.  I ment to send this to the list but sent it to
only you instead.

Now, on to my real question.

I'm looking to use VNC on my windows machine for remote logins.  Currently
I only have the following open ports:

25/tcp   open   smtp
80/tcp   open   http
113/tcp  closed auth
1352/tcp open   lotusnotes
5902/tcp open   vnc-2
5903/tcp open   vnc-3
8080/tcp open   http-proxy

Are there any security problems that I may be over looking by using VNC on
my machine?

Regards,

JL

--

// Jared Lyvers
// -----------------------
// Director of Interactive
// Director of IT
// LPI Certified
// -----------------------
// www.lewiscommunications.com


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

RE: readnotify.com, (continued)
- - - RE: readnotify.com evb (Jan 25)
    - RE: readnotify.com evb (Jan 27)
  - Re: readnotify.com Jim Halfpenny (Jan 26)
    - RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
    - Re: readnotify.com Saqib Ali (Jan 27)
    - RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
    - Re: readnotify.com Ansgar -59cobalt- Wiechers (Jan 27)
  - RE: readnotify.com HTRegz (Jan 26)
    - RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
- PGP 8.0 Ebeling, Jr., Herman Frederick (Jan 24)
- Re: vnc server Albert Gonzalez (Jan 24)
- Re: vnc server ilaiy (Jan 24)
- Re: vnc server Robert J. Stull (Jan 25)
- Re: vnc server phunked up! (Jan 25)
- Re: vnc server xyberpix (Jan 30)
- Re: vnc server hytham . a (Jan 24)
  - Re: vnc server Scott C. Best (Jan 26)
- RE: vnc server Steveb (Jan 25)
- RE: vnc server Malaspinas, Spyro (Jan 26)