Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] VNC through the firewall

To: "'Ivan Fox'" <[email protected]>, Firewall-1 <[email protected]>
Subject: RE: [FW1] VNC through the firewall
From: Scott Hunter <[email protected]>
Date: Thu, 14 Dec 2000 13:34:37 -0500
Sender: [email protected]

Title: RE: [FW1] VNC through the firewall

From http://www.uk.research.att.com/vnc/faq.html

Q53 How secure is VNC?
Access to your VNC desktop generally allows access to your whole environment, so security is obviously important. VNC uses a challenge-response password scheme to make the initial connection: the server sends a random series of bytes, which are encrypted using the password typed in, and then returned to the server, which checks them against the 'right' answer. After that the data is unencrypted and could, in theory, be watched by other malicious users, though it's a bit harder to snoop a VNC session than, say, a telnet, rlogin, or X session. Since VNC runs over a simple single TCP/IP socket, it is easy to add support for SSL or some other encryption scheme if this is important to you, or to tunnel it through something like SSH or Zebedee.

SSH allows you to redirect remote TCP/IP ports so that all traffic is strongly encrypted, and this can be combined with VNC. SSH can also compress the encrypted data - this can be very useful if using VNC over slow links. See the 'Using SSH with VNC' page. Zebedee is a similar system which can be sometimes simpler to use. You can find info here.

While we're on the subject of security, you should also be aware that only the first 8 characters of VNC passwords are significant. This is because the 'getpass' call used in the Unix server to read a password has this restriction, and the other platforms have been made compatible with this.

Ray Jones <[email protected]> has built a version of VNC which uses SSLeay public key encryption, and Wolfram Gloger <[email protected]> has built Xvnc with the TCP Wrapper library, allowing you more control over which hosts are allowed to connect. See the contribs page for details.

-----Original Message-----
From: Ivan Fox [mailto:[email protected]]
Sent: Wednesday, December 13, 2000 5:30 PM
To: Firewall-Wizards@Nfr. Net; Firewalls@Lists. Gnac. Net; Firewall-1
Subject: [FW1] VNC through the firewall

I understand that the ip and password for using VNC are encrypted, but the
data are not. Please correct me:

VNC is a very thin client. Are "data" passing through the wire are key
strokes, mouse strokes, screen display? Are sniffer able to capture NT id
and password when logging onto an NT domain using VNC.

Any comments are appreciated.

Thanks,

Ivan

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] VNC through the firewall
Next by Date: Re: [FW1] VNC through the firewall
Previous by thread: RE: [FW1] VNC through the firewall
Next by thread: Re: [FW1] VNC through the firewall
Index(es):
- Date
- Thread