> -----Original Message-----
> There are also other methods of remote access. Coming from
> *nix there's VNC (many varieties, some of which work for
> windows as well) and there's Remote Administrator. I can't
> speak for the security of RA, but I know VNC has been looked
> at many a time and at it's current state is pretty secure.
Actually, I think that VNC could be worse than Terminal Services from a
security point of view. First, its logging is awful. Second, it can
only be secured by a single password. Since everyone allowed to use VNC
would know the same password, this doesn't meet the standard for
authentication. Third, it gives the remote user the console. If left
logged in, the only thing between a malicious user and eavesdropping or
major destruction is a single password that can't be locked-on-failure,
so it *can* be brute-forced.
There may not be any 0d4y-spl01tz for VNC at the moment, but IMHO, it
suffers from some design flaws that make it less than secure.
That said, I use VNC with my systems at home. But this traffic is
always tunneled via SSH across the Internet.
PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 21 2004
Intro
