Security Basics mailing list archives
Re: VNC
From: Glen Mehn <glen () myvest com>
Date: Fri, 31 Jan 2003 10:47:24 -0800
Megan Golding wrote:
Well, enforcing the VNC-over-ssh with port filtering would definitely fit the bill, IMO, but that adds a (small) layer of work on top of it. The issues with VNC seem to mostly be:On Wed, 2003-01-29 at 13:08, Marty wrote:My question is simple is the latest version of VNC better than the previous ones and should we allow our tech group to use it to take control of our machines (servers and workstations)...I highly suggest running VNC over an SSH tunnel -- it doesn't noticeably degrade VNC performance and adds the security element VNC seems lacking. When run this way, VNC is no riskier than SSH...in which case I would have no problem with a tech group using it for remote administration.
--trivially encoded passwords, with a well-known/reversible hash and salt --the simple ability to brute-force the passwordIn investigating VNC, I also found that you can (somewhat) mitigate the latter problem by enforcing a "lockout after $num failed attempts.
-g -- Glen Mehn glen () myvest com Systems Administrator MyVest, LLC