Network Security Security-Basics

RE: VNC Security

Subject: RE: VNC Security
Date: Tue, 28 Jun 2005 16:24:40 -0400

A while back, we had a pretty long running and informative thread on VNC
security.  The only VNC that had real encryption built in was the
Enterprise version of RealVNC.  UltraVNC had a DSM plug-in but it was
pretty nasty to get working and was suffering from compatibility
problems.  On top of that, it was very difficult to deploy the UltraVNC
encryption remotely.

I believe that the solution to this on the Windows side is in the new
version of VNCScan at http://www.vncscan.com.  While I believe that this
version of VNC Scan makes UltraVNC encryption very easy to deploy and
use, I'd like to fire up this debate again to see if the ease of
encryption changes anyone's view on the security of VNC.

I would also like to know if there are any security concerns with the
UltraVNC DSM plug-in.  Is the encryption with this method considered as
secure to you as, say, running VNC through an SSH tunnel?  

Just for the record, I don't want to take any credit for the UltraVNC
encryption.  The people working on the open source UltraVNC are awesome
and they deserve a huge pat on the back for this plug-in.  The
contribution that is made with VNC Scan is to make the plug-in very easy
to deploy and use.  :)  

The scenario that I'd like to see people test against would be a Windows
XP or Windows 2000 computer running UltraVNC 1.0.0 server using MS
Windows authentication for VNC and employing the UltraVNC encryption.
If you choose to use VNC Scan to deploy this, these are simply check
boxes in the deployment wizard.

I am very interested in hearing if any security concerns are still out
there despite this new encryption scheme.

Thank you!

Steve Bostedor
http://www.vncscan.com
The Leader in VNC and Terminal Server Management

