reply to jaynick
Re: How to secure VNC and port 5900

I'm surprised no one's mentioned the obvious: run it on a random, non-standard port instead of 5900. While it won't keep out someone who's determined or does a full port scan, it will eliminate 99+% of the "drive-bys" which only look at a handful of common ports. I do that with SSH and have fail2ban set up to take care of the few which get through.
/M

RealVNC Enterprise edition can also do this "fail2ban" type thing, has 256 bit AES encryption, and, in spite of the expensive sounding name, is only $50.

KA0OUV Premium join:2010-02-17 Jefferson City, MO
reply to mackey
+1

KA0OUV Premium join:2010-02-17 Jefferson City, MO
reply to mackey
said by mackey: I'm surprised no one's mentioned the obvious: run it on a random, non-standard port instead of 5900. While it won't keep out someone who's determined or does a full port scan, it will eliminate 99+% of the "drive-bys" which only look at a handful of common ports. I do that with SSH and have fail2ban set up to take care of the few which get through. /M
+ 1

RickNY Premium join:2000-11-02 Manorville, NY
reply to mackey
said by mackey: I'm surprised no one's mentioned the obvious: run it on a random, non-standard port instead of 5900.
Security through obscurity... The SSH route is the best way to go. Additionally, SSH will provide the end user with some other valuable perks such as SFTP/SCP for file transfers. Additionally, you can use SSHD as a SOCKS proxy, effectively giving you a VPN for anything else.
You will get a lot of drive-bys on SSH -- probably more than you would with VNC.. But properly secured with public key authentication and password authentication disabled, you'd have a very secure system.
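
Added example, not part of any post in this thread: a small Python check of `sshd_config` text for the setup the last reply describes (public key authentication on, password authentication off). It also flags keyboard-interactive authentication, which can still prompt for a password, and follows sshd's rule that the first value read for a keyword wins. The function name `audit` and the sample configs are constructed, and `Include` files are assumed absent.

```python
# Added example (not from the thread): audit sshd_config text for key-only logins.
# Assumptions: OpenSSH defaults; Include files are not followed.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated spelling that OpenSSH still accepts for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def audit(config_text):
    """Return a list of findings; an empty list means key-only authentication."""
    seen, findings, in_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip('"').lower()
        if key == "match":
            in_match = True          # everything below is conditional
        elif key in DEFAULTS and in_match:
            if value == "yes" and key != "pubkeyauthentication":
                findings.append(f"Match block re-enables {key}")
        elif key in DEFAULTS:
            seen.setdefault(key, value)   # sshd keeps the FIRST value it reads
    effective = {**DEFAULTS, **seen}
    if effective["passwordauthentication"] != "no":
        findings.append("passwordauthentication is enabled")
    if effective["kbdinteractiveauthentication"] != "no":
        findings.append("kbdinteractiveauthentication is enabled")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    return findings


# Constructed sample configs, not taken from any real host.
WEAK = "Port 22\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
            "PubkeyAuthentication yes\n")
OVERRIDE = HARDENED + "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("override", OVERRIDE)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser only covers a single file's global section and flags `Match` overrides.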