Home page logo
/

basics logo Security Basics mailing list archives

Re: vnc server
From: Albert Gonzalez <incodeblood () gmail com>
Date: Mon, 23 Jan 2006 20:45:42 -0600

Hello,

If you are using weak-passwords that is always a security risk and not
just with VNC. I recommend wrapping VNC in stunnel, since VNC sends
the passwd in clear-text. If you can I also recommend filtering out
VNC to the IP's that you will be coming from (i.e. work, school,
etc..), if this isn't possible... a recent thing that people are
talking about is port-knocking, that might add an extra layer of
security (obscurity, if you will). So there are a few options that you
may want to use, to make things a bit more safer and you can sleep
better at night too..

HTH,

-Albert

On 1/22/06, Jared Lyvers <jared () lewiscommunications com> wrote:
First off, sorry Simon.  I ment to send this to the list but sent it to
only you instead.

Now, on to my real question.

I'm looking to use VNC on my windows machine for remote logins.  Currently
I only have the following open ports:

25/tcp   open   smtp
80/tcp   open   http
113/tcp  closed auth
1352/tcp open   lotusnotes
5902/tcp open   vnc-2
5903/tcp open   vnc-3
8080/tcp open   http-proxy

Are there any security problems that I may be over looking by using VNC on
my machine?

Regards,

JL

--

// Jared Lyvers
// -----------------------
// Director of Interactive
// Director of IT
// LPI Certified
// -----------------------
// www.lewiscommunications.com


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault