VP wrote:
Hi Stuart,
Does this mean that if you are using the latest _Enterprise_ edition of Real VNC
that tunnelling through a VPN or SSH connection becomes unnecessary?
Thanks
Please reply to the group list, not to individuals.
</lecture>
I have never used RealVNC Enterprise or Personal editions, so the only
information I can give you would come directly from RealVNC's web-site.
Try http://www.realvnc.com/products/features.html for a start.
RealVNC offer a trial on both Personal and Enterprise Editions, so you
can find out for yourself if that will suit your needs before making a
financial commitment. The Enterprise and Personal editions of RealVNC
offer built-in encryption types, meaning that they CAN have encrypted
connections IF YOU TELL THEM TO DO SO. This would make the encryption
offered by a VPN or an SSH connection unnecessary. However, encryption
is not the be-all and end-all of security. There are other factors to
consider about whether a system (like VNC) is "safe enough" to be used
over the internet, for which you will have to make your own judgement.
HTH,
Stewart
At 08:58 PM 28-09-06, you wrote:
Adrian Powell wrote:
Is Real VNC considered currently safe enough (generally) to use across the
internet?
Free edition: NO! It is not encrypted, and although the password is checked
securely, you can only have a password of a maximum length of 8 characters.
Any keypresses (for typing passwords, etc.) you send within the session are
sent "in the clear." Similarly, if the work you are doing on screen is
sensitive, that is not encrypted. However, you can tunnel VNC through a VPN
or SSH connection. Try googling "VNC and SSH HOWTO" or "VNC and VPN HOWTO"
for details on how to go about this.
It is my understanding that RealVNC Personal edition and Enterprise edition
address these issues. There are also variants on different versions of RealVNC
Free edition that have encryption added in, such as VeNCrypt, maintained by
myself and Martin Koegler. See http://sourceforge.net/projects/vencrypt for
details.
Googling for VNC exploits appears to imply that there have been many
vulnerabilities in the past, and having free source code available only
compounds the security risk.
Open source does not make it any more/less secure than any other solution.
Many security schemes are open, either from open source implementations or the
algorithm is publicly known. There is no security in hiding your method -
considerably less in fact, since that means fewer people can analyse the
situation. For example, ssh is open source but considered a very secure
mechanism.
Stewart Becker
_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list