
How secure is it running a VNC service?

Discussion in 'Networks & Internet Connectivity' started by MartinPrince, May 17, 2019.

  1. MartinPrince

    Hitman

    Joined: Aug 14, 2018

    Posts: 564

    I've run a VNC service for years but recently hadn't done so due to issues with Win10 working with the TigerVNC variant I used. I thought I'd try the original TightVNC that I used to use and it worked great.

    During my initial setup and test phase I configured the service with just a simple one letter lower case character to make it quick and easy to test. Before I could configure it with my normal 14 character password (with symbols, numbers etc.), somebody hacked into my computer and took control. I wasn't too surprised and found it quite interesting, as I've read about this before, so watched to see what they would do. They opened a browser and went to Paypal.com, no doubt to do a transfer to an account. I then shut them down, though my Paypal password is never stored (or any other bank/money details).

    It got me thinking whether my normal 14 character password would prove too much for current hacking tools. If you google "VNC Hacked" you see pages that blatantly offer several tools to hack VNC logins.
     
    Last edited: May 17, 2019
  2. Caged

    Capodecina

    Joined: Oct 18, 2002

    Posts: 23,085

    Use a VPN. Don't leave things like that open to the world.
     
  3. MartinPrince

    Hitman

    Joined: Aug 14, 2018

    Posts: 564

    As far as I know a VPN won't allow me to control my computer from my phone, which is what I currently do via VNC. I could use Remote Desktop, though that did not work well with multiple monitors and I'm running 4.
    I have a VPN server running on my Asus AC68U router.
     
  4. phrases

    Hitman

    Joined: Jul 11, 2011

    Posts: 721

    I mean you should be basically fine unless you aren't using the full program and some hacked together crap.

    You can set the port to any you wish, and behind a NAT firewall, unless someone is specifically targeting you, they won't go to the hassle of scanning past the basic 1-1000 scan that they do. I used VNC for years before switching to built in remote desktop and never had any issues.
     
  5. skyripper

    Wise Guy

    Joined: Jul 19, 2011

    Posts: 1,912

    You load a VPN client on your phone (Android had them built in) and only VNC after that. Leaving VNC on the live internet is asking for attack attempts.
     
  6. MartinPrince

    Hitman

    Joined: Aug 14, 2018

    Posts: 564

    Ok, I have a VPN client on my phone that I normally just use to connect back to my network when I'm abroad so I can watch iPlayer or I'm on an unsecure WiFi etc.

    So do I configure VNC so that it can only be accessed from my network?
     
  7. skyripper

    Wise Guy

    Joined: Jul 19, 2011

    Posts: 1,912

    I'm taking a guess that your host machine (running VNC) is behind a firewall?
    The easiest way is to stop forwarding that port from the router/firewall to the host machine.
     
  8. Rroff

    Man of Honour

    Joined: Oct 13, 2006

    Posts: 61,685

    I wouldn't expose a machine running VNC to the internet these days without multi-factor authentication, ideally token or certificate - last time I had one set up on a non-default port it was found in minutes and slammed by login attempts - probably wouldn't have lasted more than a few weeks at the rate they were going.

    If you've got any coding experience I'd probably grab the TightVNC source and do something non-standard to it so generic tools can't just log in.
     
  9. MartinPrince

    Hitman

    Joined: Aug 14, 2018

    Posts: 564

    Well there's Win10 firewall and then the Asus AC68U (Merlin firmware) router.
     
  10. bledd

    Don

    Joined: Oct 21, 2002

    Posts: 46,143

    Location: Parts Unknown

    Own a Synology? Set up OpenVPN on it and forward a port for VPN to the Synology.

    Own a Pi? Install PiVPN.
     
  11. MartinPrince

    Hitman

    Joined: Aug 14, 2018

    Posts: 564

    I own neither. ;)
    My Virgin Media SH3 is in modem only mode.
    I have an Asus AC68U with Merlin firmware running an OpenVPN server.
    My Win10 PC is running TightVNC 2.8.11 64-bit.

    I normally control my PC from my phone using Jump Desktop v7.1.4. I do this to run some software on the PC and need more than just access to files.
     
  12. bledd

    Don

    Joined: Oct 21, 2002

    Posts: 46,143

    Location: Parts Unknown

    Perfect, use OpenVPN, then VNC.
     
  13. MartinPrince

    Hitman

    Joined: Aug 14, 2018

    Posts: 564

    Done. Works great, many thanks for the advice. I did temporarily change the port to something really high but this way takes out the variable altogether and is much more secure.
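
A way to confirm the end state the thread arrives at (VNC reachable only through the VPN, nothing forwarded), as an added example that is not part of any post: a Python check that connects to one host and port you own, reads the RFB greeting a VNC server sends first, and lists the security types it offers. The function names, the default port 5900 and the placeholder address are assumptions of this example.

```python
import re
import socket
import struct

BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")
SEC_NAMES = {1: "None", 2: "VNC Authentication"}  # RFB security type numbers


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf


def check_vnc_exposure(host, port=5900, timeout=5.0):
    """Report whether an RFB (VNC) server answers on host:port and what auth it offers."""
    result = {"reachable": False, "rfb": False, "version": None, "security": []}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["reachable"] = True
            m = BANNER.fullmatch(recv_exact(s, 12))  # the server speaks first
            if not m:
                return result  # something listens here, but it is not VNC
            major, minor = int(m.group(1)), int(m.group(2))
            result.update(rfb=True, version=f"{major}.{minor}")
            if (major, minor) >= (3, 7):
                # 3.7 and later: server lists the types it accepts (count, then bytes)
                s.sendall(b"RFB 003.008\n" if (major, minor) >= (3, 8) else b"RFB 003.007\n")
                count = recv_exact(s, 1)[0]  # 0 means the server refused us
                types = list(recv_exact(s, count))
            else:
                # 3.3: server picks a single type and sends it as a 32-bit integer
                s.sendall(b"RFB 003.003\n")
                types = [struct.unpack(">I", recv_exact(s, 4))[0]]
            result["security"] = [SEC_NAMES.get(t, f"type {t}") for t in types]
    except OSError:
        pass  # refused, filtered or timed out: keep whatever was learned so far
    return result


if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder: substitute your own public IP
    # and run this from outside the LAN (e.g. mobile data) with the VPN disconnected.
    print(check_vnc_exposure("203.0.113.10", 5900, timeout=3.0))
```

With the port forward removed, the expected result from outside is `reachable: False`; the same call made over the VPN against the PC's LAN address should still show the server.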