securing VNC

[Z_K]

I finally got VNC to work and can remotely access my server, but some of the things I have read on the Internet say that it is not very secure. Granted I only intend to use this on my home network and not outside it, but it would be good to know how to secure VNC should I need to.

So, what steps would I take to secure the VNC connection?

[ab@novell.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VNC is definitely insecure. It has no encryption for the data going across
at any point including authentication (username/password). On the other
hand if you are only on your home network and you never catch a virus that
can do evil things on your network you should be fine. In VNC's defense
if you (in your environment at least) get a virus or other malware that
captures unencrypted LAN traffic chances are it can also capture
keystrokes which means your entire life is toast and not just your VNC
connection since a keylogger will capture data sent across a secure
channel as quickly as data sent across an open channel.

How to you protect it? VNC can be tunneled (easily even) via SSH. If you
are just on your network I wouldn't bother with this in most cases but in
the real world SSH from your client machine to the server and forward a
port from your side (5901 for example) to the server's port (probably
5901). Once done you just VNC to your local box on 5901 and your traffic
is sent securely to the server's port 5901. You'll need to find out which
port you need for VNC and forward that one.

Good luck.





Z K wrote:
> I finally got VNC to work and can remotely access my server, but some of
> the things I have read on the Internet say that it is not very secure.
> Granted I only intend to use this on my home network and not outside it,
> but it would be good to know how to secure VNC should I need to.
>
> So, what steps would I take to secure the VNC connection?
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJKQo4HAAoJEF+XTK08PnB5aRYP+gPxn9uZ7E pDHvadGWhKcFYU
iVKAoR1CNioFZtyNCTm18fpaCPMN/smVDPkTTzyF3wHOf0c/3HfvdiEBFOnfMrHc
GlRUCWOg6LNi9eSz22uElqwjJVO1CSClj8DEP9H8K9SSpnuMqt THfIBDTgCh0rWd
SETKAGdxWCqV0v6vNgxZ3tDBa26jsRYOJAnbXlyqDIYCYWUAbF IvbH0dfhrEieO+
qVtpR/0WiAA55gl8UhtUbiegxaBUSChHIh5megU3aEciB10nylNfO1YP L4LD+xyb
/X4/MUKN3wtBUU/UGTz4BpRI9PEStyanA1NdPM3gX8noIYmyK+1/llt7+SXTk335
CKKjYTMicXhWWxRxGs/mm4I+03+t7fzDUdsPC6FzfSlCZ4wyO5jGuug6OHXzqZ6O
XBC2uLi6h4WbWr0p7PBP/Mg3JdH5gnOaEIDiTVUxF6oYzb0sGtVTV7bTWDY0sRw3
HktTH+vPU4em7ufYPTJ7ajc6wDrxhlr/+w1QijmYy65linIYabaC9lZfwe1V21wr
g+bpTERrjuRXWSCNxOk0nl+014guHd0kO3vJjLRI1EsrBdDq0t +eahaWKbV/etve
ytgQF8hPUiQRMsDfwSAH1QtwrrCLgR0RjDhTsI7fmyy4tHxTL5 n5jcS8dVzcgSMz
AR5ntj2EinpjjnsLwrnL
=rziF
-----END PGP SIGNATURE-----