How secure is VNC?
Access to your VNC desktop generally allows access to your whole environment, so security is obviously important. VNC uses a challenge-response password scheme to make the initial connection, but after that the data is unencrypted and could, in theory, be watched by other malicious users, though it’s a bit harder to snoop a VNC session than, say, a telnet, rlogin, or X session. Since VNC runs over a simple single TCP/IP socket, it should be easy to add support for SSL or some other encryption scheme if this is important to you. Axel Boldt
Access to your VNC desktop generally allows access to your whole environment, so security is obviously important. VNC uses a challenge-response password scheme to make the initial connection: the server sends a random series of bytes, which are encrypted using the password typed in, and then returned to the server, which checks them against the ‘right’ answer. After that the data is unencrypted and could, in theory, be watched by other malicious users, though it’s a bit harder to snoop a VNC session than, say, a telnet, rlogin, or X session. Since VNC runs over a simple single TCP/IP socket, it is easy to add support for SSL or some other encryption scheme if this is important to you, or to tunnel it through something like SSH. SSH allows you to redirect remote TCP/IP ports so that all traffic is strongly encrypted, and this can be combined with VNC. SSH can also compress the encrypted data – this can be very useful if using VNC over slow links. See the ‘Using SSH with VNC’ page.
Access to your VNC desktop generally allows access to your whole environment, so security is obviously important. VNC uses a challenge-response password scheme to make the initial connection: the server sends a random series of bytes, which are encrypted using the password typed in, and then returned to the server, which checks them against the ‘right’ answer. After that the data is unencrypted and could, in theory, be watched by other malicious users, though it’s a bit harder to snoop a VNC session than, say, a telnet, rlogin, or X session. Since VNC runs over a simple single TCP/IP socket, it is easy to add support for SSL or some other encryption scheme if this is important to you, or to tunnel it through something like SSH or Zebedee. SSH allows you to redirect remote TCP/IP ports so that all traffic is strongly encrypted, and this can be combined with VNC. SSH can also compress the encrypted data – this can be very useful if using VNC over slow links. See the ‘Using SSH with VNC’
Standard VNC Servers don’t support any type of native encryption of the keyboard/video data transmitted and received. Actually, however, this is not a problem with GoToTerminal, because its native encryption system based on Access Code and Diffie-Hellman generated keys provides a VPN-alike secure tunnel between the VNC client and the VNC server, thus protecting the privacy of the communication over the internet. However, Ultr@VNC features an extension mechanism that allows to integrate independent encryption plugins both in the client and in the server, in order to implement encryption of VNC data streams as Terminal Services and Remote Desktop natively do.
