According to the authors of VNC (FAQ section):

Q51 How secure is VNC?

Access to your VNC desktop generally allows access to your whole
environment, so security is obviously important. VNC uses a
challenge-response password scheme to make the initial connection:
the server sends a random series of bytes, which are encrypted using
the password typed in, and then returned to the server, which checks
them against the 'right' answer. After that the data is unencrypted
and could, in theory, be watched by other malicious users, though
it's a bit harder to snoop a VNC session than, say, a telnet, rlogin,
or X session. Since VNC runs over a simple single TCP/IP socket, it is
easy to add support for SSL or some other encryption scheme if this
is important to you, or to tunnel it through something like SSH.

They basically say "it is not secure".

What does this mean in practice?
- Session hijacking: once the session is established it might be
  hijacked using ARP spoofing, ICMP Redirects, BGP Injection,
  RIP spoofing or any other redirection method. All standard
  TCP sequence prediction problems apply.
- Man-in-the-middle attacks: Evil Attacker(tm) fools the client
  to connect to him/her instead of the actual server (via DNS
  spoofing or any of the spoofs above), connects to the server,
  gets the random challenge, sends the challenge to the client,
  gets the response from the client and sends it to the server.
  Voila! Straight connection from attacker to server.

As you can see, this is "not secure". This was not intended
by the authors:

Q52 Are you going to make it more secure?

We do hope eventually to add better security to VNC, but there's
also a good argument for not doing so. If security is a concern,
it can be better to use a single system such as SSH or FreeS/WAN
to encrypt all your traffic, rather than relying on the individual
packages to do the right thing. Then, if you decide in a year's
time that one system is too easily crackable, you can replace it
yourself and all of your communications will benefit. It may also
be easier to fit in with corporate security systems this way.

Executive summary:

Would you allow vanilla telnet to your protected machines?
Probably not.

If you need to run VNC over an untrusted network, tunnel it through
something More Secure(tm), such as SSH or IPSec.

A-a-a! Did I hear someone say "Okay, I'll use PPTP"?
Read Bruce Schneier and Mudge's analysis of
PPTP: http://www.counterpane.com/pptp.html
PPTPv2: http://www.counterpane.com/pptpv2-paper.html

Go with IPSec if you want to use a VPN mechanism; it's an
established standard.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 11 October 1999 13:39
To: [EMAIL PROTECTED]
Subject: VIRTUAL NETWORK COMPUTER
This is a little off topic but still it relates to security and
firewall in a sense.
Has anybody used this without problem and compromising security?
http://www.uk.research.att.com/vnc
kashif
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
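
Added example, not part of the original message: a shell check for the advice above to tunnel VNC rather than expose it. It reads `ss -Htln` output and lists VNC listeners bound to non-loopback addresses; the 5900-5999 port range (5900 + display number), the constructed sample and the `user@vnchost` placeholder are assumptions, not from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux `ss` from iproute2
# and the conventional VNC port range 5900-5999 (5900 + display number).

# exposed_vnc: read `ss -Htln` lines on stdin and print every VNC listener
# whose local address is not loopback, i.e. reachable without a tunnel.
exposed_vnc() {
    awk '
    {
        local_ep = $4                       # e.g. 0.0.0.0:5901 or [::1]:5901
        n = match(local_ep, /:[0-9]+$/)     # position of the last colon
        if (n == 0) next
        addr = substr(local_ep, 1, n - 1)
        port = substr(local_ep, n + 1) + 0
        if (port < 5900 || port > 5999) next             # not a VNC port
        if (addr ~ /^127\./ || addr == "[::1]") next     # loopback only
        if (addr ~ /^\[::ffff:127\./) next               # v4-mapped loopback
        print addr ":" port
    }'
}

# Constructed sample of `ss -Htln` output so the check runs offline.
SAMPLE='LISTEN 0 5 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5902 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:5903 [::]:*
LISTEN 0 5 *:5900 *:*'

audit_sample() { printf '%s\n' "$SAMPLE" | exposed_vnc; }

# On a live host:  ss -Htln | exposed_vnc
# Once the server listens on loopback only, reach it through SSH
# (user@vnchost is a placeholder):
#   ssh -N -L 5901:127.0.0.1:5901 user@vnchost
# then point the viewer at localhost:1 (display 1 = port 5901).
audit_sample
```

Any line the check prints is a VNC port that carries the unencrypted session directly on the network; an empty result means only tunnelled access is possible.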