VNC access not by me - Should I be concerned?

I have VNC access to my machine at home.

While looking at my Event Viewer (crappy place for VNC to put logs IMHO) I can see access to that program that is not by me.

Now they aren't very often, e.g. a couple of times a month, and all the ones I can see 'connect' to VNC but don't 'authorise' thru/further.

Now, are these just the random traffic requests you seem to get on the internet, or do I need to be concerned?
 
A while back there was an article that VNC can be compromised. This is indeed very true, as a friend of mine actually did have his computer taken over even though it had a very long complex password. I assure you to find another method of remote desktop.

Any recommendations?

ps: I'm using VNC4!
 
Are you tunnelling the VNC connection through SSH? IIRC, the password in VNC is sent in plain text...

I have no idea what SSH or IIRC is.... So I suspect not.

The encryption option is enabled within VNC (server)... When logging on it says 128bit encryption.
 
If you're only setting downloads off, there are better ways to do this, and that is to use uTorrent with a built-in HTTP server to allow you to connect via HTTP (Internet Explorer), and you can upload torrents via this.

https://[ip address]:[port]/path
I suggest you give it a go because it is a more secure way to handle downloads than remote desktop and uses less bandwidth.

Assuming you're downloading via torrents, that is.

I do more than that (unfortunately)... Is there a better alternative to VNC?

Or at least a more reliable means of using it? Maybe forcing NT authentication for it as well (that's an option within VNC Server).

ps: I do use uTorrent :)
 
Yes

There are businesses out there that sell thin clients that work off just the same technology. Essentially all they have is a keyboard, a mouse, a monitor, a printer port and a flash drive with a remote desktop connector and some other custom bits.

You turn the client on, and it straight away remote desktops to the server. No local operating system at all.

Plus think of all those datacentres with racks of servers in. They're nearly always accessed via remote desktop.

You won't crack remote desktop in the same way you can VNC, because the access levels etc. are your Windows ones, not just a registry value that can be seen / read quite easily as in VNC's case.

Thought I'd change the default port number at least from 3391 to something else... Can't get it to work :(

Changed the reg entry, changed the firewall, changed the router to port forward... Cannot connect on the new port (or obviously the original).
 
Another vote for LogMeIn here.

Simple, easy to use and install :)

Do you have to do things with firewall, and router port mapping to allow it to work?

Can you copy files to/from the machine with LogMeIn (free)?

ps: I notice you cannot reboot the machine with LogMeIn free? Huh? What prevents you from just going into task manager and doing it from in there?
 
HANG ON! I've just set my VNC to use NT logon authentication! So surely it's now as secure as Remote Desktop for example?

I've got the account on the machine set to allow 5 attempts and then lock out for 5 mins... This has got to be pretty damn safe surely!!!
 
I can (well could when the system was connected to the net...damn Belkin router), as you have control over the desktop you can just go:

Start > Shutdown > Restart/Shutdown/etc.

InvG

Given what I've just discovered I'll stick with VNC... I cannot imagine how it can be any less secure than Remote Desktop now:-
1) I've got it using NT logons
2) If a logon is entered incorrectly 5 times, then logon is disabled for 5 mins.
3) I'll also change the standard port for it as well.

Now, that's got to be nice and secure :)
 
Given that we're only on about your PC at home you should be fine.

And the biggest problem with VNC is that the value is stored in the registry for your password. If you've got it to use NT authentication you've removed one of the biggest shortfalls of common VNC versions.

Plus more than 5 attempts to logon will lock the logon for 5 mins... :)

Plus I'll change the standard VNC port :)
 
Short answer, Yes

Long answers, Yeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeees

If you have a direct connection to the internet on your PC, or can set up port forwarding on your router, use Windows Remote Desktop, or Terminal Services as it's also known. If you can't be bothered with setting up tunnels etc. then use www.logmein.com. It's free and allows you to just install a piece of software on your machine, then access it through a web browser anywhere in the world. I have it on all my machines, my family's machines, my girlfriend's and a mate's. Easy access regardless of where they are or where you are!

And why is the answer 'yes'?

Why is Remote Desktop more secure than what I've (now) done?

ps: LogMeIn doesn't allow file transfer, which I want...
 
Unless anyone can suggest/say otherwise, I think I'm going to stick with VNC, but with NT logons (only 5 attempts permitted) on a different (to standard) port...

I can't imagine that is any less secure than other methods...
 
8 character password limitation, weak password encryption, no data encryption.

From my understanding....
1) I'm using the full windows NT user authentication so that's pretty strong.
2) In my case, if someone mistypes the password 5 times the account is locked out for 5 minutes. Therefore someone cannot just blitz the logon.
3) Why do you say no data encryption? When it does?

Dracata, care to comment on this?
 
Careful.

There are different versions of VNC out there.

I know for a fact there are versions of VNC out there that don't encrypt the password.

I also know there are versions out there that do, and there are also versions that don't have the 8 character password limitation. I've not found one that does, but that's not to say there isn't, because there are so many VNC versions.

And as the OP has already said, he's found a way to use NT authentication instead of VNC authentication. Read the full post before posting a rushed reply.

Indeed! The problem with the internet is it's easy for people to sound as if they know what they're talking about, where in fact they're raising questions rather than stating facts.

I have the 4.2.8 Enterprise Edition which as far as I'm concerned can be configured (& is) to encrypt all data. Furthermore, as previously stated, I'm using NT authorisation... Plus on top of that, on the machine in question, if the account is incorrectly logged into 5 times it locks you out for 5 mins...

I'm fairly happy this is secure as needs be...
 
Well, feel happy if you want, but it isn't :) Authentication aside, VNC (the protocol) has a bad history when it comes to security. It's fine for local use, or for use through some other secure means (VPN/SSH/whatever), but you're taking a risk exposing it to the big wide world. Almost like the phpbb or remote access.

Remote desktop is a lot better but still not ideal, personally I shove everything through a VPN tunnel.

You said the words 'bad history', but I believe VNC 4 now has 128bit encryption!? It's like the previous poster said it only has 8 character logon identification, which of course is rubbish as it has 256 characters for the username & password.

Anyway, given that what security issues do I have?
1) Someone logging on? They would have to get through the NT authorisation for that surely? And this is protected by 5 invalid logons and you're out!
2) Someone happening to see my (128bit encrypted traffic) VNC traffic, most of which is me just doing nonsy stuff like checking on torrents running etc. Or copy/pasting files backwards/forwards.

I imagine someone using google mail is more open to people nicking their details/communications surely?!
 
You mentioned piping it thru VPN. Now I've never touched VPN, but surely if you use VPN you're just moving the goal posts? ie: Instead of NT security for VPN, now it's NT security for VPN?

Excuse my ignorance on this!
 
Of course, don't mind me, I know nothing, only got the one BSc degree in Computing ;)

You could have a PhD... Still doesn't prevent someone from spouting unfounded claims...
8 character password limitation - Incorrect
weak password encryption - Incorrect
no data encryption - Incorrect
 
Use RDP, it's much more secure. Especially RDP 6.0 which has transport layer encryption.

OR... just lock down your VNC port using a rules firewall. I.e. "only allow connections from 123.456.789.012", or whatever your work IP/range is.

Or use a private VPN like Hamachi. And then you don't even have to allow external incoming connections to VNC or whatever.

Personally I use the latter. Hamachi is better than sliced bread IMO. Soooo many uses for it.

Point taken - I'll look at the port forwarding rules as it will be the easiest to apply/setup I suspect :)
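
An added example, not part of any post in this thread: a small triage of the "connects but never authorises" entries the opening post describes, checked against the source-IP allowlist suggested above. The log wording, the addresses (documentation ranges) and the allowed network are constructed assumptions, not a real VNC log format.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines; the "connected"/"authenticated"/"closed" wording is an
# assumed format, not copied from the thread or from any VNC product's logs.
SAMPLE_LOG = """\
2007-03-02 21:14:07 connected 198.51.100.23:4411
2007-03-02 21:14:09 closed 198.51.100.23:4411
2007-03-05 08:30:12 connected 203.0.113.10:50122
2007-03-05 08:30:15 authenticated 203.0.113.10:50122
2007-03-05 09:02:40 closed 203.0.113.10:50122
2007-03-19 03:47:55 connected 192.0.2.77:1093
2007-03-19 03:47:58 closed 192.0.2.77:1093
2007-03-19 03:48:01 connected 192.0.2.77:1094
"""

LINE_RE = re.compile(r"^(\S+ \S+) (connected|authenticated|closed) (\d+\.\d+\.\d+\.\d+):(\d+)$")

def triage(log_text, allowed_networks):
    """Return {ip: {"sessions", "authenticated", "allowed"}} for every peer seen."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    open_sessions = {}  # (ip, port) -> False until that session authenticates
    report = defaultdict(lambda: {"sessions": 0, "authenticated": 0, "allowed": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a connection event
        _, event, ip, port = m.groups()
        key = (ip, port)
        entry = report[ip]
        entry["allowed"] = any(ipaddress.ip_address(ip) in n for n in nets)
        if event == "connected":
            entry["sessions"] += 1
            open_sessions[key] = False
        elif event == "authenticated" and open_sessions.get(key) is False:
            open_sessions[key] = True
            entry["authenticated"] += 1
        elif event == "closed":
            open_sessions.pop(key, None)
    return dict(report)

def unexpected_peers(report):
    """Peers outside the allowlist: the ones a source-IP firewall rule would drop."""
    return sorted(ip for ip, e in report.items() if not e["allowed"])

if __name__ == "__main__":
    print(unexpected_peers(triage(SAMPLE_LOG, ["203.0.113.0/24"])))
```

Peers that show sessions but zero authentications and fall outside the allowlist are the occasional unauthenticated connects the thread starts with; a firewall rule limited to the allowed range stops them before they reach the VNC listener.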
 