A while back, we had a pretty long running and informative thread on VNC security. The only VNC that had real encryption built in was the Enterprise version of RealVNC. UltraVNC had a DSM plug-in but it was pretty nasty to get working and was suffering from compatibility problems. On top of that, it was very difficult to deploy the UltraVNC encryption remotely.
I believe that the solution to this on the Windows side is in the new version of VNCScan at http://www.vncscan.com. While I believe that this version of VNC Scan makes UltraVNC encryption very easy to deploy and use, I'd like to fire up this debate again to see if the ease of encryption changes anyone's view on the security of VNC. I would also like to know if there are any security concerns with the UltraVNC DSM plug-in. Is the encryption with this method considered as secure to you as, say, running VNC through an SSH tunnel? Just for the record, I don't want to take any credit for the UltraVNC encryption. The people working on the open source UltraVNC are awesome and they deserve a huge pat on the back for this plug-in. The contribution that is made with VNC Scan is to make the plug-in very easy to deploy and use. :) The scenario that I'd like to see people test against would be a Windows XP or Windows 2000 computer running UltraVNC 1.0.0 server using MS Windows authentication for VNC and employing the UltraVNC encryption. If you choose to use VNC Scan to deploy this, these are simply check boxes in the deployment wizard. I am very interested in hearing if any security concerns are still out there despite this new encryption scheme. Thank you! Steve Bostedor http://www.vncscan.com The Leader in VNC and Terminal Server Management _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
