
VNC Security Issues

credog asked:
I am trying to evaluate the use of VNC or TightVNC. In the following scenario I'd like to get some feedback on the potential risks before I OK the use.

The system on my LAN will initiate a connection to a VNC server over the Internet to a trusted site to generate some data that will be used on our LAN. Since the client is on my LAN and not the server, I don't see a huge security risk except the following:

1. Traffic is unencrypted
2. Passwords used on most VNC servers are pretty weak even though it is encrypted. Don't really see how that would be my problem though.
3. Requires opening a port at the server end, but again I don't see how that is an issue for the client LAN.
4. Not sure, but if the client connects to a Linux VNC server and issues a su command and enters a password, that may be unencrypted. If the su password is the same as a system on my network (users like to use the same pass everywhere) I guess that could expose a password on my network.
5. Not knowing the security posture of the remote server could open up a client to compromise? If the remote server is compromised and our client connects to it, is it possible that the server end can do "something" to the client end?

Anything else to consider in this scenario? I know VNC can be tunneled through SSH, but I am not sure that this is an option for this particular server.

AWS System Administrator
CERTIFIED EXPERT
Commented:
2 and 4 are user problems, and not so much issues with VNC.

3 isn't always a big deal, and you can also have it to where you have the client in listen mode, and so you have someone tell the server to connect to your client when you need to remotely use the server.

As far as 5 goes, you won't have to worry about a compromised server taking control of a connecting client.

Why would you say SSH tunneling isn't an option?
Keith Brown, AWS System Administrator
CERTIFIED EXPERT

Commented:
I was wondering if you had got all the information needed to answer your questions, since you did not follow up.

Author

Commented:
I need some additional help with this, but have been sidetracked. For now I am closing this and will visit this issue again in the near future. Your initial response has been very helpful. Thank you.