Right On.

Every time i think about one of these types of services i think about the same things you just listed.
I do not want to give my login info to any site.
Even the VPN services sites, you never know who might be watching your traffic at the service.
You have better trust any service you deal with. I was given a free one year account at cyberghost, VPN service but have not used it because i don't trust it or the source i got it from.

It is like all the people that do there taxes online at some web site. Now you here that many find that taxes refunds have all ready been sent out to fake fillers before the real person filled there taxes, where do you thing they got all the info to fill a tax return in your name.
I have always used OpenSSH but now just upgraded to Windows 8 and need to find new software that is compatible with windows 8. I don't travel much so the need to connect is less these days so i have some time.

I'm surprised no one's mentioned the obvious: run it on a random, non-standard port instead of 5900.

I am not living in the past, I just am not comfortable trusting "any" outside entity to provide remote access to my LAN from outside of my control. If i were to offer such services, I would want those services (the hardware) to be on site under my control. Any business should want the same.

With services like LogMeIn, its an honor system...Why should i trust them? The way things are in the world today...i have no reason to trust them. I don't "personally know" anyone who works for LogMeIn...how do i know i can trust them? Should i take someone else word for it, who by the way, has never met these people in person face to face either?

have you met anyone from LogMeIn face to face? Are you sure you can trust them? Do you even know what kind of people they are? How about their ethics? Who runs their data centers? where are they located? can i visit the data center i will be using?

these are questions everyone should ask themselves before making such deals, especially when it comes to remote access.

Again...if your willing to pay money for LogMeIn or any other service, why not spend that money on a consultant who is capable of setting up a OpenVPN Server for you securely and be done with it....in the long run this may even be a cheaper option overall.

at least you will have piece of mind that remote access is controlled on premise, by people you know and have seen their faces, and not hosted somewhere else by someone you have never met before in your life.

just my 2 cents.

I don't know if it supports it, but if VNC or the machine itself permits a log of successful
logins, set it up so you can keep track of VNC attempts.

I'm surprised no one's mentioned the obvious: run it on a random, non-standard port instead of 5900. While it won't keep out someone who's determined or does a full port scan, it will eliminate 99+% of the "drive-bys" which only look at a handful of common ports. I do that with SSH and have fail2ban set up to take care of the few which get through.

/M

I personally would not use LogMeIn for ANYTHING free or not...this is even more true in a business environment.

Security Rule #1: NEVER trust an offsite service to have access or give access to your local LAN period...end of discussion.

Servers that give you and/or workers remote access to the office should be servers hosted and maintained onsite by your IT Department or network administrator.

OpenVPN is not to difficult to set up...LogMeIn is just a lazy insecure way to do something that should be done the right away that is not too hard to set up to begin with. If a person or small business doens't know how to set up a OpenVPN Server, they they have no business operating or offering remote access to begin with. Spend the money and hire someone who knows how to set one up.

Any security conscious IT person would not use LogMeIn under a business environment and would set up his own secure access method with the hardware and software on site under his/her supervision..and just wouldn't take LogMeIn word for it....

OpenVPN is pretty easy to set up, there really is no excuse....

My apologies for the rant, but trusting an offsite company with remote access to any LAN i work on just doesn't sit well with me...

did you go with hamachi?

may I ask why an hour when you are not expecting password attempts with anything other than a cert, why not 600 hours.

Best practice for securing VNC is to tunnel it through SSH...As others have already mentioned here. If your VNC server supports it, allow it to only listen on the localhost interface (127.0.0.1) to further protect it from internal LAN attacks. When setup that way, it will only accept connections on a SSH tunnel. In case it was not obvious, the only port that should be forwarded would be the port you are using for SSHD.

I just thought I see the word attempt or blocked or something like that instead of just LAN access. Wasn't sure what to make of it. Any way I'll use one of the other suggested approaches.

Bottom line is that all those entries were probes and attempts but not actual access. Correct?

Yes, that's the problem with that.

I would recommend running VNC through a Secure Shell [SSH] tunnel. ....

VNC tunneled thru SSH
»www.science.smith.edu/~ejensen/vncssh.html

A strong password generated from something such as
»www.grc.com/passwords.htm
would go a long way.

Of course you'd have to know what internet IP(s) you may have (i.e. what are you). The firewall will prevent any port scanners from even reaching your LAN while you'll get through.