Re: Remote control

From: Steve Littleford (slittleford@ntelos.net)
Date: 06/17/02


Date: Mon, 17 Jun 2002 08:04:48 -0300
From: Steve Littleford <slittleford@ntelos.net>
To: "Calhoun, Heath" <CalhounH@gsci.state.ms.us>

I like VNC, but it is a little slow and I don't like the cleartext
password in the registry. We also found that Windows NT machines won't
come out of screensaver under VNC. However, I also know that the code
is freely available and that these details will be addressed eventually.
  If they really bothered me, I'd fix them.

> We used to use VNC on some systems on our network, but found it to be to
> slow and very unsecure.

I find VNC to be plenty fast over a network. It is over a modem that
Remotely Possible shines. Just don't set VNC for full screen updates.

> we found a tool anyone can download to crack the vnc password.

Let me see... Brute force attack over a local LAN. Aren't there other
ways an attacker can brute force password attack a Windows box?
Granted, there is no username in VNC. But the console *can* be locked
underneath, too.

> go into the registery searching for vnc and guess what... There is the
> password in clear text.

I agree, password in plain text on the local machine is not secure.
Even if your registry is locked down, you might have copies of it somewhere.

> Guess you get what ya pay for...

Every tool has its uses. You want a full blown commercial remote
control, file copy, and chat program? Buy one (for every machine in
your school). If you need something that runs on anything, fits on a
floppy and doesn't require installation, or can be run slowly from a web
browser, then VNC is worth a lot (a lot of saved trips back to the
server room).

This guy wants to control his servers from the same location. I'd tell
him to buy Remotely Possible because file copy over VNC isn't
straightforward. It is also faster over a WAN connection. But, if cost
were an issue he could install VNC and an ssh daemon. Then putty and
iExplore to control the box. You can get a free ssh daemon in the
CygWin project. He could even tunnel your VNC over SSH as many have
already suggested.

-Steve