Security Basics mailing list archives
Re: vnc server
From: Albert Gonzalez <incodeblood () gmail com>
Date: Mon, 23 Jan 2006 20:45:42 -0600
Hello, If you are using weak-passwords that is always a security risk and not just with VNC. I recommend wrapping VNC in stunnel, since VNC sends the passwd in clear-text. If you can I also recommend filtering out VNC to the IP's that you will be coming from (i.e. work, school, etc..), if this isn't possible... a recent thing that people are talking about is port-knocking, that might add an extra layer of security (obscurity, if you will). So there are a few options that you may want to use, to make things a bit more safer and you can sleep better at night too.. HTH, -Albert On 1/22/06, Jared Lyvers <jared () lewiscommunications com> wrote:
First off, sorry Simon. I ment to send this to the list but sent it to only you instead. Now, on to my real question. I'm looking to use VNC on my windows machine for remote logins. Currently I only have the following open ports: 25/tcp open smtp 80/tcp open http 113/tcp closed auth 1352/tcp open lotusnotes 5902/tcp open vnc-2 5903/tcp open vnc-3 8080/tcp open http-proxy Are there any security problems that I may be over looking by using VNC on my machine? Regards, JL -- // Jared Lyvers // ----------------------- // Director of Interactive // Director of IT // LPI Certified // ----------------------- // www.lewiscommunications.com --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: readnotify.com, (continued)
- RE: readnotify.com evb (Jan 25)
- RE: readnotify.com evb (Jan 27)
- Re: readnotify.com Jim Halfpenny (Jan 26)
- RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
- Re: readnotify.com Saqib Ali (Jan 27)
- RE: www.readnotify.com Ebeling, Jr., Herman Frederick (Jan 27)
- Re: readnotify.com Ansgar -59cobalt- Wiechers (Jan 27)
- RE: readnotify.com HTRegz (Jan 26)
- RE: readnotify.com Ebeling, Jr., Herman Frederick (Jan 26)
- Re: vnc server Scott C. Best (Jan 26)