VNC always gets a bad rap, we had an auditor tell us the same thing. VNC is just like a knife; if you are careful and are always aware of what you are doing - you don't get cut. If you get reckless and sloppy you're going to get hurt. If you are connecting via a VPN to machines that are isolated from the outside world, except for a website perhaps, then you should be fine. Of course without knowing your specific configuration I can't vouch for more than that. Trusting anything to be 100% secure is dangerous IMHO; better doubtful and humble than prideful then ashamed.
My 0.02, Floyd Russell |> -----Original Message----- |> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On |> Behalf Of Robert Gillis |> Sent: Wednesday, August 28, 2002 10:55 AM |> To: [EMAIL PROTECTED] |> Subject: RE: VPN and VNC |> |> |> Thanks. |> |> One more question. |> We had an auditor in here the last few days (non-profit national org so |> we get the vists once a year) when he heard we were looking at vnc he |> said "it has a lot of holes and can be easily hacked". Is that so? |> |> I got the feeling that he just wanted to recommend his own solutions - |> my thought process is this - If I am running VNC internally - it is as |> secure as my network is. If I am running it across my VPN via NetScreen |> - it is as secure as my VPN. IS that the case? Or am I missing |> simething here? |> |> Thanks again. |> |> Rob |> |> -----Original Message----- |> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On |> Behalf Of Beerse, Corni |> Sent: Wednesday, August 28, 2002 3:17 AM |> To: '[EMAIL PROTECTED]' |> Subject: RE: VPN and VNC |> |> |> > -----Original Message----- |> > From: [EMAIL PROTECTED] |> > |> > Hello - just getting into the VNC area, have a situation that I am |> > searching thru the archives for a possible solution to. I have several |> |> > users who come in on a VPN controlled by NetScreen firewall. |> > I have installed on one of the test machines the VCN server software. |> > When they attach via the LAN, I can run the client VCN and function |> > fine. |> > However, when they VPN in, they are unable to be reached. They can |> > browse the network , reach all resourses - no issues there. |> > Just cannot |> > seem to reach them via the VCN client. |> |> First see if you can ping from the vncviewer machine to the vncserver |> machine. (if ping is passed trough the firewall) |> |> For vnc, the major communciation is for the rfb protocol on port 5900 |> (add display number as display :4 is on 5904). See if you can telnet |> from the viewer machine to the server machine on port 5900 `telnet |> vncservermachine 5900`. This should give a message like "rfb xxx.yyy". |> |> |> > |> > I thought perhaps I needed to change a firewall setting, but |> > since they |> > are now on the network - is that really needed? |> > |> |> Yep, open the used port: 5900 + displaynumber for the rfb communication. |> |> CBee |> _______________________________________________ |> VNC-List mailing list |> [EMAIL PROTECTED] |> http://www.realvnc.com/mailman/listinfo/vnc-list |> _______________________________________________ |> VNC-List mailing list |> [EMAIL PROTECTED] |> http://www.realvnc.com/mailman/listinfo/vnc-list |> _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
