Mailing List Archive
tlug.jp Mailing List: tlug archive
Re: [tlug] VNC and security
- Date: Sun, 17 Dec 2006 20:00:51 -0500
- From: Scott Robbins <scottro@example.com>
- Subject: Re: [tlug] VNC and security
- References: <4585E281.7020401@example.com>
- User-agent: mutt-ng/devel-r804 (FreeBSD)
On Mon, Dec 18, 2006 at 09:36:17AM +0900, Dave M G wrote:
> TLUG,
>
> I always manually turn on the VNC server on my machine to allow the other
> person to see my desktop before each session. And, at the end of each session,
> I close the remote desktop access.
>
> Over the holidays, I'm going to be away for a couple of weeks, and I was
> thinking it might be kind of cool to be able to log into my own machine from
> time to time.
>
> This would mean leaving the remote desktop open, and setting it to be accessed
> by password.
>
> My question is whether or not this is a security risk or not. Is VNC with
> password protection secure enough that I won't have to fear my computer being
> hacked in the two week period that I am leaving it up?

If we're talking about a Linux machine being left open, here is what I do.
(It's a FreeBSD machine, so there might be some minor differences.)

I leave it open by ssh, on a non-standard port. (Security by obscurity, but
every little bit helps and it helps avoid automated attempts to log in on
port 22.) I add to that by only giving one username ssh access.

You can, even on a friend's Windows machine (or in an Internet cafe), download
the PuTTY binary. It doesn't install anything; it's a self-contained binary, so
you don't even need admin privilege on the MS machine.

Then, if you need to use X, you can manually start vncserver. Now, you can use
tightvncviewer--another binary that doesn't install anything--to work with X.

Depending upon how paranoid you want to be--I assume this isn't hard to do with
iptables, it's really easy with FreeBSD's pf (taken from OpenBSD)--you can first
add a rule only allowing VNC connections from the address that you're using.

I don't know enough about VNC to know if all this paranoia is necessary;
however, it's one way to avoid worrying about yet another program's security.
--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Oz: Sometimes when I'm sitting in class...you know, I'm not thinking
about class 'cause that would never happen... I think about kissing you.
And it's like everything stops, it's like, freeze frame: Willow kissage.
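
A check for the two ssh settings described in the message above (a non-standard port, and ssh access for one username only), as an added example that is not part of the original message. It assumes those settings correspond to OpenSSH's `Port` and `AllowUsers` keywords in sshd_config; the function names and the sample configs are constructed for illustration.

```shell
# Added example, not from the original message. Assumption: the post's two ssh
# settings map to OpenSSH's Port and AllowUsers keywords in sshd_config.
# Not handled: Include files, Match blocks, "Keyword=value" syntax.

# Print every argument of KEYWORD found on stdin, one per line. Keywords are
# case-insensitive; comment lines are skipped.
sshd_values() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { for (i = 2; i <= NF; i++) print $i }'
}

# Read sshd_config text on stdin and print one WARN line per finding.
# Returns 0 when the config matches the post's setup, 1 otherwise.
audit_sshd() {
    cfg=$(cat)
    ports=$(printf '%s\n' "$cfg" | sshd_values Port)
    users=$(printf '%s\n' "$cfg" | sshd_values AllowUsers)
    rc=0

    # With no Port line, sshd listens on its default port, 22.
    [ -n "$ports" ] || ports=22
    for p in $ports; do
        if [ "$p" = 22 ]; then
            echo "WARN: sshd listens on the default port 22"; rc=1
        fi
    done

    # Count AllowUsers entries without word-splitting (patterns may hold '*').
    n=$(printf '%s\n' "$users" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$n" -eq 0 ]; then
        echo "WARN: no AllowUsers line, logins are not limited to one username"; rc=1
    elif [ "$n" -gt 1 ]; then
        echo "WARN: AllowUsers lists $n entries, expected exactly one"; rc=1
    fi
    case $users in
        *[*?]*) echo "WARN: AllowUsers contains a wildcard pattern"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample configs (the port number and usernames are made up).
GOOD_CFG='Port 2222
AllowUsers alice'
WEAK_CFG='# Port 2222
AllowUsers alice bob'

printf '%s\n' "$GOOD_CFG" | audit_sshd && echo "good sample: no findings"
printf '%s\n' "$WEAK_CFG" | audit_sshd || echo "weak sample: findings listed above"
```

To audit a real file, pipe it in: `audit_sshd < /etc/ssh/sshd_config`.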
- Follow-Ups:
  - Re: [tlug] VNC and security
    - From: Stephen J. Turnbull
- References:
  - [tlug] VNC and security
    - From: Dave M G