[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Security Implications of using VNC Viewer /WinVNC
Gopinath, You shuold not consider this safe at all. The passwords are encrypted, but the sessions are not encrypted at all (only compressed). You could of course use vnc in conjunction with ssh and you should also use _one time passwords_ to authenticate the users. VNC passwords can be brute forced: http://www.securiteam.com/tools/Brute_forcing_VNC_passwords.html SSH+VNC: http://www.zip.com.au/~cs/answers/vnc-thru-firewall-via-ssh.txt MindVNC (java VNC client with ssh): http://www.mindbright.com/english/technology/products/mindvnc.html SSHD on NT: http://www.gnac.com/techinfo/ssh_on_nt/ssh_on_nt.htm Lars > -----Original Message----- > From: Gopinath Pulyankote [mailto:[email protected]] > Sent: 13. september 2000 01:43 > To: Checkpoint Mailinglist > Subject: [FW1] Security Implications of using VNC Viewer /WinVNC > > > > Topic is not directly related to FW-1, hence please forgive. > Hello, > > Some of our users wants to use VNCviewer from the > Internet to connect to > their desktops via FW-1 WITHOUT using SecuRemote (The > desktops are on a > subnet that's not part of our encryption domain due to some historical > reasons! :) ) . Wanted to know your views on this product. > How safe is it? > Any reports of security vulnerability, can the packets be > sniffed to get the > initial login password or the data itself? > For those not familiar, its almost like PC-Anywhere or other > thin clients, > which enables control of a remote desktop or Unix server. > TIA > Gopinath > > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|