
Security Basics mailing list archives
Re: vnc server
From: hytham.a () securityfocus com, gmail () securityfocus com, com () securityfocus com
Date: 24 Jan 2006 03:20:30 -0000
Depending on the version of VNC you'd like to utilize, the short answer would be: yes, you are exposing yourself to additional risks. Naturally, with each new port you open up on your host, you allow an attacker another avenue of opportunity to gain access to any data stored on your machine.

Now back to VNC. Unfortunately the only encrypted mechanism offered is during the authentication phase and password storage on the client side - even then, the password stored utilizes a static 3DES key which is easily obtainable.

If you'd like to remotely administer your system, running VNC through a ssh tunnel would be your best option.

Mitigations: Man-in-the-middle attacks are null, and all data transmitted is now encrypted and prevents prying eyes.

If you have sshd configured on your system running the vnc server, the following from the client would forward your session through:

    ssh -l <username> -L <local port>:localhost:<remote vnc port> <ip address>

So:

    ssh -l admin -L 1234:localhost:5900 10.100.100.10

Fire up your vnc client and connect locally to port 1234 and that will redirect your vnc session to the remote host on port 5900.

I hope that makes sense :)
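Added example, not part of the original post: because the tunnel above forwards to localhost:<remote vnc port> on the server, the VNC server only needs to listen on loopback, and this check flags VNC listeners that are still reachable directly. It parses `ss -ltn` output; the function names, the sample listing and the 5900-5999 port range (5900 plus display number) are assumptions made for the illustration.

```shell
#!/bin/sh
# Reads `ss -ltn` output on stdin and prints "address port" for every
# listener in the VNC port range that is NOT bound to loopback.
# Assumption: VNC displays listen on 5900 + display number (5900-5999).
vnc_exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            local_addr = $4                      # e.g. 0.0.0.0:5901 or [::1]:5903
            n = split(local_addr, parts, ":")
            port = parts[n] + 0                  # text after the last colon
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (port < 5900 || port > 5999) next # not a VNC port
            if (addr ~ /^127\./ || addr == "[::1]") next  # loopback: tunnel only
            print addr, port
        }
    '
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       127.0.0.1:5900       0.0.0.0:*
LISTEN  0       5       10.100.100.10:5901   0.0.0.0:*
LISTEN  0       5       [::]:5902            [::]:*
LISTEN  0       5       [::1]:5903           [::]:*
EOF
}

# Demo on the constructed sample; on the server itself run:
#   ss -ltn | vnc_exposed_listeners
sample_ss_output | vnc_exposed_listeners
```

Empty output means every VNC listener is loopback-only, so the ssh tunnel is the only way in; any printed line is a listener that bypasses the tunnel.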