VNC - Good idea or bad idea?

**joshwa** · 10-09-2003, 10:39 AM

Right,

I want to be able to use my home machine, which is behind a smoothwall (firewall / router) box, so was going to put VNC on there, and then open that port on smoothwall so that it should work, and was thinking of using a complicated password...

do you think this is a good idea or a bad idea?
should i leave the machine locked so that when i get into vnc i will also need to log onto a local account, as a second level of security?

cheers

josh

**Moby-Dick** · 10-09-2003, 10:55 AM

use TightVNC - its got better encryption.

better still, set up a VPN ( have you got a copy of 2000/2003 server running ? )

**joshwa** · 10-09-2003, 11:04 AM

got 2000 server running - vpn ?

nichomach · 10-09-2003, 11:04 AM

I'm with MD on this; I've used VNC for remote server management, but ONLY through a 3DES/MD5 VPN connection. By all means lock the machine, but remember with VNC you might as well be giving anyone who's got that far physical access anyway, so don't rely on locking it for security.

Jiff Lemon · 10-09-2003, 11:34 AM

Why not use Terminal services?

Paul Adams · 10-09-2003, 11:39 AM

I would use a VPN to establish authenticated sessions and lock down the IP addresses permitted to connect, if your router supports it, then use Terminal Services as it's built into Windows.

Also use a separate account that is permitted to use TS sessions, and does NOT have admin rights.

If you need to transfer files over the connection then I guess you're looking at a 3rd-party solution, as I think you're limited to clipboard copying over TS.
Not familiar with VNC so couldn't comment on that.

**joshwa** · 10-09-2003, 11:42 AM

Originally posted by Jiff Lemon
Why not use Terminal services?

would that work, even though it's not "windows 2000 terminal server edition..." thingy ?
also what port(s) would i need to let through the smoothwall firewall?

leon · 10-09-2003, 11:48 AM

Yes it would work as Win2k server has TS admin mode that doesnt require the extra licensing that application mode does. I believe that the port number is 3389.

**Moby-Dick** · 10-09-2003, 11:49 AM

terminal service can be used in Remote Administration mode with up to 2 concurrent connections. you' may well need to add it in "add/remove windows components"

if you are running a PPTP VPN then I think you need to allow port 1723 and protocol 47 thorugh the smoothwall to your server , then set the VPN up on that.

Wombatwilson · 10-09-2003, 11:58 AM

i use vnc and find its very easy to use especially when your not at home and you need some files for someone elses pc

Jiff Lemon · 10-09-2003, 01:49 PM

Originally posted by Wombatwilson
i use vnc and find its very easy to use especially when your not at home and you need some files for someone elses pc

The problem is that it's not very secure!

malfunction · 10-09-2003, 06:40 PM

If you find setting up a VPN a pain in the arse (and most people do I think) then a (possibly less useful) solution would be to only open up the VNC port(s) to known IP addresses (i.e. if you want to access your home PC from work / uni only let the IP addresses in that you need).

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)