From: Glen Mehn <glen () myvest com>
Date: Fri, 31 Jan 2003 10:47:24 -0800
Megan Golding wrote:
> On Wed, 2003-01-29 at 13:08, Marty wrote:
>> My question is simple: is the latest version of VNC better than the
>> previous ones, and should we allow our tech group to use it to take
>> control of our machines (servers and workstations)...
>
> I highly suggest running VNC over an SSH tunnel -- it doesn't noticeably
> degrade VNC performance and adds the security element VNC seems lacking.
> When run this way, VNC is no riskier than SSH...in which case I would
> have no problem with a tech group using it for remote administration.

Well, enforcing the VNC-over-ssh with port filtering would definitely
fit the bill, IMO, but that adds a (small) layer of work on top of it.

The issues with VNC seem to mostly be:
--trivially encoded passwords, with a well-known/reversible hash and salt
--the simple ability to brute-force the password

In investigating VNC, I also found that you can (somewhat) mitigate the
latter problem by enforcing a "lockout after $num failed attempts".
Glen Mehn glen () myvest com
Systems Administrator MyVest, LLC
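
One way to check that the VNC-over-SSH enforcement discussed in this message actually holds on a host, as an added example that is not part of the original post: it parses `ss -H -ltn` output and flags VNC listeners bound to anything other than loopback. The 5900-5999 port range, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: VNC servers listen on the conventional 5900+display range.
VNC_PORTS = range(5900, 6000)

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      5          127.0.0.1:5901       0.0.0.0:*
LISTEN 0      5            0.0.0.0:5902       0.0.0.0:*
LISTEN 0      5              [::1]:5903          [::]:*
LISTEN 0      5                  *:5904             *:*
LISTEN 0      5         192.0.2.10:5905       0.0.0.0:*
"""


def parse_listener(line):
    """Return (address, port) for one `ss -H -ltn` line, or None."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    # Drop IPv6 brackets and any interface scope such as "%eth0".
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)


def is_loopback(host):
    """True only for literal loopback addresses; wildcards are not loopback."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or anything unparsable is treated as exposed


def exposed_vnc_listeners(ss_output):
    """List (address, port) VNC listeners reachable without the SSH tunnel."""
    exposed = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and parsed[1] in VNC_PORTS and not is_loopback(parsed[0]):
            exposed.append(parsed)
    return exposed


if __name__ == "__main__":
    for host, port in exposed_vnc_listeners(SAMPLE_SS_OUTPUT):
        print(f"VNC port {port} listens on {host}: reachable without SSH")
```

An empty result means every VNC listener is bound to loopback, so the only network path to it is a forwarded port through SSH.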