Solved

How secure is a vnc terminal

Posted on 2005-03-01
Last Modified: 2010-04-22
Hi,

How easy is it for a user to hack into a server that serves encrypted VNC terminals out over the internet? Each user has access to a KDE desktop with a lot of apps and the shell. Have a look at http://www.workspot.com for an example.

Thanks
Steve
0
Question by:iqula
13 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13428716
0
 

Author Comment

by:iqula
ID: 13429149
Thanks for that. So if encrypted between the server and client it is secure, but what about the unknown user that is logging in, like in the case of workspot.com? Will they be able to hack the system now that they have an account?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13429937
If they have an account they probably may try to hack the system, they at least have the possibility to do it ;-)
0
 
LVL 12

Expert Comment

by:Phil_Agcaoili
ID: 13442630
ahoffmann's link is good.

Do you have a firewall? I would place specific filters to block the subnets that you do not trust from anything on your network.

You also need to monitor your accounts if you are afraid of someone accessing your systems.

I've had pesky folks going after large ISPs and it's a constant battle.  Hopefully, with the right ACLs and vigilant monitoring, they will go away.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13442909
with VNC and VPN you tunnel any firewall, it's the nature of such things ;-)
0
 

Author Comment

by:iqula
ID: 13445754
Have a look at cosmopod.com; you will understand my concerns.
0
 
LVL 88

Expert Comment

by:rindi
ID: 13446250
If you make sure that account only has access to its own environment and not below, then it should only be possible to hack that account, but not anything more low-level in the system (chroot).
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13447345
> How easy is it for a user to hack into a server that serves encrypted vnc terminals out over the internet,
see my link in http:#13428716
if the connection is SSL, somehow, it is practically not realistic to hack it (with current hard- and software)
But if I had to hack such a system I'd do it from inside using an account; then it's rather easy: you just need to find *one* vulnerable program, check securityfocus.com for example (that's what I said in http:#13429937)
0
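
An added example, not part of the original thread: the comment above says an attacker with an account needs only *one* vulnerable program. One defensive check for a server that hands out shell accounts is to inventory the setuid/setgid programs those users can run and flag any that are not on an approved list. The function name, the allowlist format and all paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag setuid/setgid files that are not on an approved list.
# These run with more privilege than the logged-in desktop user, so a flaw
# in any one of them lets an account reach beyond its own environment.
#
# audit_privileged ROOT ALLOWLIST
#   ROOT       directory tree to scan (for instance / on the terminal server)
#   ALLOWLIST  file with one approved absolute path per line; '#' lines ignored
# Prints "UNAPPROVED <path>" per finding; returns 1 if any, 0 if none.
audit_privileged() {
    root=$1
    allow=$2
    found=0
    tmp=$(mktemp) || return 2

    # -xdev stays on one filesystem; -perm -4000 / -2000 match setuid / setgid.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | sort > "$tmp"

    while IFS= read -r path; do
        # -F fixed string, -x whole line: the path must match an entry exactly.
        if ! grep -v '^#' "$allow" | grep -Fxq -- "$path"; then
            printf 'UNAPPROVED %s\n' "$path"
            found=1
        fi
    done < "$tmp"

    rm -f "$tmp"
    return "$found"
}

# Run directly as: sh audit.sh / /etc/privileged.allow  (both paths hypothetical)
if [ "$#" -eq 2 ]; then
    audit_privileged "$1" "$2"
fi
```

Run it after every package update and review each new finding before adding it to the allowlist.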
 

Author Comment

by:iqula
ID: 13448628
ahoffmann, thanks for that. So my first point of concern is actually within the desktop, as anyone can register a cosmopod.com account and terminal in. By the sound of it, as long as all the apps remain patched the setup should hold?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 2000 total points
ID: 13449271
> .. as long as all the apps remain patched the setup should hold?
hmm, you have to keep your host and *all* guests up-to-date
and also assuming that no one finds a day-0 exploit ;-)
0
 

Author Comment

by:iqula
ID: 13449526
thanks mate, I'll sleep a lot better tonight, I'm a n00b!
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13449562
sleep well, and don't dream of day-0 attacks :-))
0
 

Author Comment

by:iqula
ID: 13449725
day-0 attacks, I quite like that, sounds like a sci-fi movie!
0
