Solved

Real-VNC  Security Issues & General Info

Posted on 2003-10-28
6
2,197 Views
Last Modified: 2010-03-19
I am thinking of using RealVNC to remotely access computers.  However, what are the experts opinions regarding its security, is its use going to make users more vulnerable.

Also, what is the programs reliability like?

And finally, do hardware / software firewalls have to be configured for the use of RealVNC (and programs alike).

Thanks

(I will split points between the best responses).
0
Comment
Question by:semmes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 31

Accepted Solution

by:
qwaletee earned 75 total points
ID: 9638317
First, I woud probably use TightVNC instead of realVNC.  It tends to perform better, while still beig compatible and OS.

Security:

RealVNC "out of the box" supports only a very basic authentication mechanism, a password, which is only hashed.  You can use it in conjunction with SSH for better security.

here are variant versions available that supoprt use of MS Windows authentication.

Reliability:

It tends to have some problems with screen painting, requiring you to request a full screen refresh manually to correct. It occassionally has problems with full page scrolling, also requireing manual refresh.  if you are trying to access a fast-switch XP box, forget it.  Multiple simultaneous logins will blow its mind.

Firewalls have to be configued to let the correct ports through; usually, 5900 is sufficient ina default setup.  As with any port listener, your software firewall will haveto be set to recognize teh VNC daemon as a legitimate object.

Unix server version does not give you access to teh current screen.  It has its own x-windows space.

Other:

No file transfer built in.

Certain keysroke combinaions difficult or impossible

Cannot trap system keystrokes

Screen scaling is terrible.
0
 
LVL 35

Assisted Solution

by:ShineOn
ShineOn earned 25 total points
ID: 9638544
I agree with qwaletee about tightvnc vs realvnc.

My overview of remote-control:

Regardless of how you go, almost any remote-control software is a vulnerability added to your system.  The questions you need to answer, and weight according to the relative importance to your organization, are

1)  Cost  - What is my exposure, dollars and cents, to get this working out of the box?

2)  Performance - How fast will this respond?  What kind of overhead will this add to my network?  How efficiently does it use the bandwidth I have available?

3)  Security - What methods can be used to secure remote-control?  Are there any known vulnerabilities or exploits?  Are there ways to avoid those vulnerabilities or exploits?

Only you can decide the cost/benefit of any solution in this area.  For my dollars, the price/performance of any VNC solution beats any commercial product.  If you want double-blind multiply-secured and encrypted remote control, you can pay for the GoToMyPC service, which is actually a tad better response-wise than VNC, but will have ongoing costs for the service.

There are specific firewall ports that VNC uses (I will not go into that here) but it is easier to use VNC over a firewall or through a VPN than many other remote-control packages.

If you need firewall transparency, high security and features like file transfer and remote reboot, you're better off paying for GoToMyPC, in my opinion.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9638569
Oh, also, GoToMyPC has remote print capability that is much easier to configure and use that that provided by pcAnywhere.   VNC doesn't do remote printing, AFAIK.
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 3

Assisted Solution

by:cwp
cwp earned 25 total points
ID: 9644956
Most *VNC don't support file transfers, but TightVNC is developing one (although most of it is in the CVS), and UltraVNC has a limited working solution (limited that there's no deleting remotely or resuming yet).

It has the ability to use some plugins for encryption (but so far I haven't got any of them to work), and the MS Windows authentication sucks at the moment because I don't know how to get it to block incorrect/blank passwords. Falling back to the single password authentication is as secure as what qwaletee said.

As for the reliability of UltraVNC, it comes with a video hook driver that determines exactly which parts of the screen has changed so that the server can only send that particular part to the client. I haven't had any screen refresh problems with this setup, although the performance is very sluggish when accessing from the Internet. However, the developers claim that it feels like you're actually sitting at the computer's console with this driver.

The firewall port depends on what display number you're using and is always 5900 + display number. But like qwaletee said, the default setup is on 5900.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9645037
VNC is very reliable, and I have used it to remote-support desktops over a VPN WAN.  Depending on whose version you choose, it has moderate-to-good security.  If you don't need file transfer or remote print, I would have no problems recommending any VNC.  Performance only suffers, from my experience, when the host PC has high-graphics set (16-bit color or higher) and is running some photographic-type wallpaper like WebShots.  

Man, that really p'd me off when users ran WebShots.  But that's another topic...
0
 
LVL 3

Expert Comment

by:cwp
ID: 9645276
Now that would really suck.

However, I think all of them have the ability to not send the wallpaper info to the client, although it depends on which flavour of VNC for the accessibility of that option (only registry editing for the original VNC, I can't remember what TightVNC has, and UltraVNC has a checkbox right with the properties in the server config dialog box).

> Man, that really p'd me off when users ran WebShots.
If you leave the wallpaper on and tell the client to switch to 256 colors, you can see it turn ugly right before your very eyes. Now go get some revenge on it! ;)
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question