[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Security Implications of using VNC Viewer /WinVNC
Not sure where I read/found this, but I remember hearing that people were tunnelling VNC over SSH. You'll prolly take a small performance hit, but the added security is worth it IMHO. You probably can find more info by searching on Google or Deja for "VNC and ssh". -- Aaron Turner [email protected] Engineer Vicinity Corp. Cell:http://www.vicinity.com On Wed, 13 Sep 2000, Chris Trudeau wrote: > > B e very careful, while feature wise VNC is much like PCAnywhere or other "remote > control" packages. As far as I know in the latest releases, there is NO facility > for using encrypted traffic and authentication for connecting to the daemon is in > clear text. > > Sitting on a network collecting traffic information between your clients and the > firewall would make breaking into your network trivial at best. > > However, VNC is really cool! It is considerably smaller than the other packages out > there, and (here comes the really cool part) allows you to view and remotely manage > your windows desktop from a unix platform. > > Use it within trusted domains.. Hopefully if they AT&T labs in the UK actually > releases another version of it, they can tune some small performance issues and > possibly offer a layer of encryption. > > Chris > > Gopinath Pulyankote wrote: > > > Topic is not directly related to FW-1, hence please forgive. > > Hello, > > > > Some of our users wants to use VNCviewer from the Internet to connect to > > their desktops via FW-1 WITHOUT using SecuRemote (The desktops are on a > > subnet that's not part of our encryption domain due to some historical > > reasons! :) ) . Wanted to know your views on this product. How safe is it? > > Any reports of security vulnerability, can the packets be sniffed to get the > > initial login password or the data itself? > > For those not familiar, its almost like PC-Anywhere or other thin clients, > > which enables control of a remote desktop or Unix server. > > TIA > > Gopinath > > > > ================================================================================ > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================================================ > > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|