| Subject: | Re: vnc server |
|---|---|
| Date: | 24 Jan 2006 03:20:30 -0000 |

Depending on the version of VNC you'd like to utilize, the short answer would be: yes, you are exposing yourself to additional risks. Naturally, with each new port you open up on your host, you allow an attacker another avenue of opportunity to gain access to any data stored on your machine.

Now back to VNC. Unfortunately the only encrypted mechanism offered is during the authentication phase and password storage on the client side - even then, the password stored utilizes a static 3DES key which is easily obtainable.

If you'd like to remotely administer your system, running VNC through a ssh tunnel would be your best option.

Mitigations: Man in the middle attacks are null, and all data transmitted is now encrypted and prevents prying eyes.

If you have sshd configured on your system running the vnc server, the following from the client would forward your session through:

    ssh -l <username> -L <local port>:localhost:<remote vnc port> <ip address>

So:

    ssh -l admin -L 1234:localhost:5900 10.100.100.10

Fire up your vnc client and connect locally to port 1234 and that will redirect your vnc session to the remote host on port 5900.

I hope that makes sense :)
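
The tunnel command from the message above, wrapped as a small shell function; this is an added example, not part of the original post. The names `vnc_tunnel`, `is_port` and `DRY_RUN` and the default ports are assumptions made here, and `-N`, `ExitOnForwardFailure` and the explicit `127.0.0.1` bind are standard OpenSSH options added on top of the poster's command.

```shell
#!/bin/sh
# Added example: open the VNC-over-ssh tunnel with input checks.

# is_port VALUE: succeeds only for an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or 6+ digits
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# vnc_tunnel USER HOST [LOCAL_PORT] [REMOTE_VNC_PORT]
# Set DRY_RUN=1 to print the ssh command instead of running it.
vnc_tunnel() {
    user=$1 host=$2 lport=${3:-1234} rport=${4:-5900}

    [ -n "$user" ] && [ -n "$host" ] || {
        echo "usage: vnc_tunnel USER HOST [LOCAL_PORT] [REMOTE_VNC_PORT]" >&2
        return 2
    }
    # A value beginning with '-' would be parsed by ssh as an option.
    case "$user$host" in
        -*) echo "user/host must not start with '-'" >&2; return 2 ;;
    esac
    case "$host" in
        -*) echo "host must not start with '-'" >&2; return 2 ;;
    esac
    is_port "$lport" || { echo "bad local port: $lport" >&2; return 2; }
    is_port "$rport" || { echo "bad remote port: $rport" >&2; return 2; }

    # -N                   : no remote command, the session only carries the forward
    # ExitOnForwardFailure : exit if the local port cannot be bound, rather than
    #                        leaving a session open with no tunnel behind it
    # 127.0.0.1:...        : bind the local end to loopback only, so other hosts
    #                        on the client's network cannot use the forward
    set -- ssh -N -o ExitOnForwardFailure=yes -l "$user" \
        -L "127.0.0.1:$lport:localhost:$rport" "$host"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}
```

With the tunnel up, the VNC client connects to `localhost` on the local port, exactly as in the message.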