

Da Geek Kid

join:2003-10-11
::1
kudos:1
reply to Woody79_00

Re: How to secure VNC and port 5900

LogMeIn is a free service for personal use unless you want to go big!



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to HELLFIRE

said by HELLFIRE:

I don't know if it supports it, but if VNC or the machine itself permits a log of successful
logins, set it up so you can keep track of VNC attempts.

What's the point? It can be easily defeated if the attacker gets some sort of privileged access over VNC (unless you output to a line printer).
--
* seek help if having trouble coping
--Standard disclaimers apply.--


mmainprize

join:2001-12-06
Houghton Lake, MI
Reviews:
·Charter
reply to Woody79_00

said by Woody79_00:

I am not living in the past, I just am not comfortable trusting "any" outside entity to provide remote access to my LAN from outside of my control. If I were to offer such services, I would want those services (the hardware) to be on site under my control. Any business should want the same.

With services like LogMeIn, it's an honor system... Why should I trust them? The way things are in the world today... I have no reason to trust them. I don't "personally know" anyone who works for LogMeIn... how do I know I can trust them? Should I take someone else's word for it, who by the way, has never met these people in person face to face either?

Have you met anyone from LogMeIn face to face? Are you sure you can trust them? Do you even know what kind of people they are? How about their ethics? Who runs their data centers? Where are they located? Can I visit the data center I will be using?

These are questions everyone should ask themselves before making such deals, especially when it comes to remote access.

Again... if you're willing to pay money for LogMeIn or any other service, why not spend that money on a consultant who is capable of setting up an OpenVPN server for you securely and be done with it... in the long run this may even be a cheaper option overall.

At least you will have peace of mind that remote access is controlled on premise, by people you know and have seen their faces, and not hosted somewhere else by someone you have never met before in your life.

Just my 2 cents.

Right On.

Every time I think about one of these types of services I think about the same things you just listed.
I do not want to give my login info to any site.
Even the VPN service sites, you never know who might be watching your traffic at the service.
You had better trust any service you deal with. I was given a free one-year account at CyberGhost, a VPN service, but have not used it because I don't trust it or the source I got it from.

It is like all the people that do their taxes online at some web site. Now you hear that many find that tax refunds have already been sent out to fake filers before the real person filed their taxes. Where do you think they got all the info to file a tax return in your name?
I have always used OpenSSH but now just upgraded to Windows 8 and need to find new software that is compatible with Windows 8. I don't travel much so the need to connect is less these days, so I have some time.


Derwood
Wherever you go, there you are
Premium
join:2003-01-21
Dayton, OH
reply to jaynick

Stunnel will allow any non-SSL listening app to become SSL. It's free and works with just about anything.

»www.stunnel.org/index.html



RickNY
Premium
join:2000-11-02
Farmingville, NY
Reviews:
·Optimum Online
reply to mackey

said by mackey:

I'm surprised no one's mentioned the obvious: run it on a random, non-standard port instead of 5900.

Security through obscurity... The SSH route is the best way to go. Additionally, SSH will provide the end user with some other valuable perks such as SFTP/SCP for file transfers. Additionally, you can use SSHD as a SOCKS proxy, effectively giving you a VPN for anything else.

You will get a lot of drive-bys on SSH -- probably more than you would with VNC.. But properly secured with public key authentication and password authentication disabled, you'd have a very secure system.
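
A check for the setup described in the post above (public key authentication on, password authentication off), as an added example that is not part of the thread. The function names `sshd_effective` and `audit_sshd` and both sample configs are constructed for illustration; the script parses only global settings and does not follow `Include` directives.

```shell
#!/bin/sh
# Added example: check that an sshd configuration enforces key-only login.
# Input: an sshd_config file, or the saved output of `sshd -T` (effective config).

# Print the effective value of KEYWORD (a lowercase regex, so aliases can be
# joined with "|"). sshd uses the FIRST value it reads for a keyword; global
# settings end at the first Match block, so parsing stops there.
sshd_effective() {  # usage: sshd_effective KEYWORD DEFAULT FILE
  awk -v want="$1" -v def="$2" '
    { sub(/[=]/, " ") }                    # accept "Keyword=value" as well
    NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
    tolower($1) == "match" { exit }
    tolower($1) ~ ("^(" want ")$") { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  ' "$3"
}

# Print one line per finding; the return status is the number of findings.
audit_sshd() {  # usage: audit_sshd FILE
  audit_bad=0
  [ "$(sshd_effective pubkeyauthentication yes "$1")" = yes ] ||
    { echo "FAIL: PubkeyAuthentication is not yes"; audit_bad=$((audit_bad + 1)); }
  [ "$(sshd_effective passwordauthentication yes "$1")" = no ] ||
    { echo "FAIL: PasswordAuthentication is not no"; audit_bad=$((audit_bad + 1)); }
  # Keyboard-interactive (old name: ChallengeResponseAuthentication) can still
  # prompt for a password via PAM, so it has to be off as well.
  [ "$(sshd_effective 'kbdinteractiveauthentication|challengeresponseauthentication' yes "$1")" = no ] ||
    { echo "FAIL: keyboard-interactive authentication is not no"; audit_bad=$((audit_bad + 1)); }
  return "$audit_bad"
}

# Constructed sample configs (not taken from the thread).
GOOD=$(mktemp); WEAK=$(mktemp)
printf '%s\n' '# key-only login' 'PubkeyAuthentication yes' \
  'PasswordAuthentication no' 'KbdInteractiveAuthentication no' > "$GOOD"
# WEAK: the first PasswordAuthentication line wins, and the only
# KbdInteractiveAuthentication line sits inside a Match block.
printf '%s\n' 'passwordauthentication yes' 'PasswordAuthentication no' \
  'Match User backup' '  KbdInteractiveAuthentication no' > "$WEAK"

audit_sshd "$GOOD" && echo "GOOD: key-only login enforced"
audit_sshd "$WEAK" || echo "WEAK: $? finding(s)"
```

On a real host, run `audit_sshd /etc/ssh/sshd_config`, or feed it saved `sshd -T` output so that included files and compiled-in defaults are reflected.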


not

@comcast.net
reply to mmainprize

Re: How to secure VNC and port 5900

said by mmainprize:

Right On.

Every time I think about one of these types of services I think about the same things you just listed.
I do not want to give my login info to any site.
Even the VPN service sites, you never know who might be watching your traffic at the service.
You had better trust any service you deal with. I was given a free one-year account at CyberGhost, a VPN service, but have not used it because I don't trust it or the source I got it from.

It is like all the people that do their taxes online at some web site. Now you hear that many find that tax refunds have already been sent out to fake filers before the real person filed their taxes. Where do you think they got all the info to file a tax return in your name?
I have always used OpenSSH but now just upgraded to Windows 8 and need to find new software that is compatible with Windows 8. I don't travel much so the need to connect is less these days, so I have some time.

Now you actually have a good point. You have good cause to be wary of VPN tunneling services. The reason being, ALL traffic pumped through that gateway can be sniffed once it's outside the VPN tunnel (i.e. the traffic is only secured between your PC and the VPN endpoint). Once it's past that point, it is still on the local network of the VPN provider and must go through their Internet gateway to get to your requested site, so all they have to do is sniff your traffic between the VPN server and their Internet gateway. Simple, so you have a point for this type of service and I agree with you. I wouldn't trust them either.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to AVD

AAA and syslog are also options... just depends on how secure the environment is and how much the OP is willing to expend on the effort.

Regards