Results 1 to 12 of 12

Thread: VNC - Good idea or bad idea?

  1. #1
    Senior Member joshwa's Avatar
    Join Date
    Jul 2003
    Location
    Shef-field, UK
    Posts
    4,818
    Thanks
    94
    Thanked
    66 times in 61 posts
    • joshwa's system
      • Motherboard:
      • PC Chips M577 AT/ATX
      • CPU:
      • AMD K6-2 500Mhz
      • Memory:
      • 512mb PC100 SDRAM
      • Storage:
      • 6.4GB Samsung
      • Graphics card(s):
      • 16mb Matrox G400 Dual Head AGP
      • PSU:
      • ATX 145watt
      • Case:
      • Midi Tower AT
      • Monitor(s):
      • 27" iiyama TFT Widescreen
      • Internet:
      • Awful horrible ADSL

    VNC - Good idea or bad idea?

    Right,

    I want to be able to use my home machine, which is behind a smoothwall (firewall / router) box, so was going to put VNC on there, and then open that port on smoothwall so that it should work, and was thinking of using a complicated password...

    do you think this is a good idea or a bad idea?
    should i leave the machine locked so that when i get into vnc i will also need to log onto a local account, as a second level of security?

    cheers

    josh

  2. #2
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,662
    Thanks
    53
    Thanked
    383 times in 313 posts
    use TightVNC - its got better encryption.

    better still, set up a VPN ( have you got a copy of 2000/2003 server running ? )
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    Senior Member joshwa's Avatar
    Join Date
    Jul 2003
    Location
    Shef-field, UK
    Posts
    4,818
    Thanks
    94
    Thanked
    66 times in 61 posts
    • joshwa's system
      • Motherboard:
      • PC Chips M577 AT/ATX
      • CPU:
      • AMD K6-2 500Mhz
      • Memory:
      • 512mb PC100 SDRAM
      • Storage:
      • 6.4GB Samsung
      • Graphics card(s):
      • 16mb Matrox G400 Dual Head AGP
      • PSU:
      • ATX 145watt
      • Case:
      • Midi Tower AT
      • Monitor(s):
      • 27" iiyama TFT Widescreen
      • Internet:
      • Awful horrible ADSL
    got 2000 server running - vpn ?

  4. #4
    Will work for beer... nichomach's Avatar
    Join Date
    Jul 2003
    Location
    Preston, Lancs
    Posts
    6,133
    Thanks
    527
    Thanked
    137 times in 98 posts
    • nichomach's system
      • Motherboard:
      • Gigabyte GA-870A-UD3
      • CPU:
      • AMD Phenom II X6 1055T 95W
      • Memory:
      • 16GB DR3
      • Storage:
      • 1x250GB Maxtor SATAII, 1x 400GB Hitachi SATAII
      • Graphics card(s):
      • Zotac GTX 1060 3GB
      • PSU:
      • Coolermaster 500W
      • Case:
      • Coolermaster Elite 430
      • Operating System:
      • Windows 10
      • Monitor(s):
      • Dell 20" TFT
      • Internet:
      • Virgin Media Cable
    I'm with MD on this; I've used VNC for remote server management, but ONLY through a 3DES/MD5 VPN connection. By all means lock the machine, but remember with VNC you might as well be giving anyone who's got that far physical access anyway, so don't rely on locking it for security.

  5. #5
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar
    Join Date
    Jul 2003
    Location
    Sunny MK
    Posts
    2,504
    Thanks
    80
    Thanked
    44 times in 41 posts
    Why not use Terminal services?

  6. #6
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    I would use a VPN to establish authenticated sessions and lock down the IP addresses permitted to connect, if your router supports it, then use Terminal Services as it's built into Windows.

    Also use a separate account that is permitted to use TS sessions, and does NOT have admin rights.

    If you need to transfer files over the connection then I guess you're looking at a 3rd-party solution, as I think you're limited to clipboard copying over TS.
    Not familiar with VNC so couldn't comment on that.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  7. #7
    Senior Member joshwa's Avatar
    Join Date
    Jul 2003
    Location
    Shef-field, UK
    Posts
    4,818
    Thanks
    94
    Thanked
    66 times in 61 posts
    • joshwa's system
      • Motherboard:
      • PC Chips M577 AT/ATX
      • CPU:
      • AMD K6-2 500Mhz
      • Memory:
      • 512mb PC100 SDRAM
      • Storage:
      • 6.4GB Samsung
      • Graphics card(s):
      • 16mb Matrox G400 Dual Head AGP
      • PSU:
      • ATX 145watt
      • Case:
      • Midi Tower AT
      • Monitor(s):
      • 27" iiyama TFT Widescreen
      • Internet:
      • Awful horrible ADSL
    Originally posted by Jiff Lemon
    Why not use Terminal services?
    would that work, even though it's not "windows 2000 terminal server edition..." thingy ?
    also what port(s) would i need to let through the smoothwall firewall?

  8. #8
    Member
    Join Date
    Jul 2003
    Location
    Coventry
    Posts
    126
    Thanks
    0
    Thanked
    0 times in 0 posts
    Yes it would work as Win2k server has TS admin mode that doesnt require the extra licensing that application mode does. I believe that the port number is 3389.

  9. #9
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,662
    Thanks
    53
    Thanked
    383 times in 313 posts
    terminal service can be used in Remote Administration mode with up to 2 concurrent connections. you' may well need to add it in "add/remove windows components"

    if you are running a PPTP VPN then I think you need to allow port 1723 and protocol 47 thorugh the smoothwall to your server , then set the VPN up on that.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  10. #10
    Member
    Join Date
    Jul 2003
    Location
    Bristol
    Posts
    165
    Thanks
    4
    Thanked
    8 times in 3 posts
    i use vnc and find its very easy to use especially when your not at home and you need some files for someone elses pc

  11. #11
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar
    Join Date
    Jul 2003
    Location
    Sunny MK
    Posts
    2,504
    Thanks
    80
    Thanked
    44 times in 41 posts
    Originally posted by Wombatwilson
    i use vnc and find its very easy to use especially when your not at home and you need some files for someone elses pc
    The problem is that it's not very secure!

  12. #12
    bored out of my tiny mind malfunction's Avatar
    Join Date
    Jul 2003
    Location
    Lurking
    Posts
    3,923
    Thanks
    191
    Thanked
    187 times in 163 posts
    • malfunction's system
      • Motherboard:
      • Gigabyte G1.Sniper (with daft heatsinks and annoying Killer NIC)
      • CPU:
      • Xeon X5670 (6 core LGA 1366) @ 4.4GHz
      • Memory:
      • 48GB DDR3 1600 (6 * 8GB)
      • Storage:
      • 1TB 840 Evo + 1TB 850 Evo
      • Graphics card(s):
      • 290X
      • PSU:
      • Antec True Power New 750W
      • Case:
      • Cooltek W2
      • Operating System:
      • Windows 10
      • Monitor(s):
      • Dell U2715H
    If you find setting up a VPN a pain in the arse (and most people do I think) then a (possibly less useful) solution would be to only open up the VNC port(s) to known IP addresses (i.e. if you want to access your home PC from work / uni only let the IP addresses in that you need).

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •