[VPN] VNC over VPN, security considerations?
Andy Mason
amason at merx.com
Mon Dec 15 17:32:18 EST 2003
As usual, the answer is: It depends.
In this case, mostly on how paranoid you are. If you trust the non-VPN
parts of the communication path, then you probably don't need to worry much
more about it. Here's what the FAQ has to say about it:
http://www.uk.research.att.com/archive/vnc/faq.html#q55
<http://www.uk.research.att.com/archive/vnc/faq.html#q55>
I run VNC over an SSH connection (that requires RSA keypair login) and I
sleep well at night.
Andy
-----Original Message-----
From: Galeotos, John [mailto:john.galeotos at us.army.mil]
Sent: Monday, December 15, 2003 12:56 PM
To: vpn at lists.shmoo.com
Subject: [VPN] VNC over VPN, security considerations?
Hello,
Well again normally I just sit back and read what you all have to
say, but I've
got another question. For the most part our VPN is up and functional
without
anything more for me to do except load the cisco client software on
to the
machines of the converts. Recently however I have been looking at
uses I could
have for the VPN aside from answering my Emails on my days off.
One of the software products I use on occasion is VNC for remote
control access
and installs of patches, and the like. It looks as if when I do a
search for ports
and VNC I get as many hits telling me that ports 5800 and
5900+display# are the
ones used as I get "VNC port firewall, viren, hackertools, and
exploits." This does
not give me a warm fuzzy about opening those ports so that I could
use VNC
over the VPN.
So my question is simply: "What are the considerations and
mitigating steps
that I could take if we decided to open these ports up? Or...is it
simply a very
bad idea?
Thanks for your time. I'll go back to reading for the most part
again.
John Galeotos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20031215/fdfbd9f7/attachment.htm
More information about the VPN
mailing list