We help IT Professionals succeed at work.
Get Started

VNC Security Issues

credog
credog asked
on
539 Views
Last Modified: 2012-05-12
I am trying to evaluate the use of VNC or tightvnc.  In the following scenario I'd like to get some feedback of the potential risks before I ok the use.  

The system on my lan will initiate a connection to a VNC server over the Internet to a trusted site to generate some data that will be used on our lan.  Since the client on my lan and not the server I don't see a huge security risk except the following:

1. Traffic is unencrypted
2. Passwords used on most VNC servers are pretty week even though it is encrypted.  Don't really see how that would be my problem though.
3. Requires opening a port at the server end, but again I don't see how that is a issue for the client lan.
4. Not sure, but if the client connects to a Linux VNC server and issues a su command  and enters a password, that may be unencrypted.  If the su password is the same as a system on my network (users like to use the same pass everywhere) I guess that could expose a password on my network.
5. Not knowing the security posture of the remote server could open up a client to compromise?  If the remote server is compromised and our client connets to it, is it possible that the server end can do "something" to the client end?

Anything else to consider in this scenario?  I know vnc can be tunneled through ssh, but I am not sure that this is a option for this particular server.  
Comment
Watch Question
AWS System Administrator
CERTIFIED EXPERT
Commented:
This problem has been solved!
Unlock 1 Answer and 3 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE