VNC through the firewall.. leaves open to haX0rs?

sharp

I know enough to set up local networks (small 10 PC-ish), and to configure my shares and net connection. I've used VNC a couple of times, a couple of years ago. There: my networking background -- so speak s l o w l y :p .

How can I set up a VNC server that can be accessed by me without risking the network via holes in the firewall? Or is that "ok"? (Turning VNC on and off per use of course, but what about the open ports on the firewall?)

What I want to be able to do is VNC into the computers through the firewall, in a fairly secure manner... not that my session would be immune to attack or anything... just that I would not be leaving ports wide open 24/7 to bad people by allowing VNC a tunnel in the firewall... err something.


I have an office with 4 Win2k boxes (static local IP) behind a Netgear FVS318 VPN firewall / router / switch (DSL w/ dynamic IP). They all have TightVNC installed on them. Getting the current IP of the firewall is not an issue. Having software added is not desired, but is possible.

I have a computer in another state that I am on, with XP Pro, that I need to be able to get in with; it is on a dynamic IP.

Help and guidance here would be much appreciated.

thanks, sharp
 
Friendly advice: I cringe when people use the term hacker. More so when it's dressed up in leet speak. The term is WAY overused and often used incorrectly (as in this case). I get a bit AR about that, and I know I'm not the only one.

But, on to your problem. Use the VPN, as wrench00 suggested. I don't know what the Netgear FVS318 comes with, but there's a good chance that it would allow you to encrypt traffic. Do that, then VNC over the VPN.
 
VPN will do it.

VNC uses a challenge-response authentication scheme so the password never crosses the network. Every other bit of traffic does though - meaning the VNC viewer to VNC server traffic is not encrypted (which is why the VPN connection is highly recommended). I feel that's secure enough for me. I have port security up the wazoo to prevent switch sniffing, with no hubs on this network either.
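
The handshake described in the post above, as an added example that is not part of the original thread: a Python parser for the server-to-client bytes of an RFB 3.7/3.8 handshake, reporting what the server offers before any password is involved. The message layout and security-type numbers follow RFC 6143; the function names are hypothetical and the byte streams are constructed sample data.

```python
# Security-type numbers from RFC 6143 (the RFB protocol used by VNC).
SEC_NONE, SEC_VNC_AUTH = 1, 2

def parse_server_handshake(data: bytes) -> dict:
    """Parse server-to-client bytes: ProtocolVersion, security types, challenge."""
    if len(data) < 13 or not data.startswith(b"RFB ") or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    major = int(data[4:7].decode("ascii"))
    minor = int(data[8:11].decode("ascii"))
    if (major, minor) < (3, 7):
        raise ValueError("RFB 3.3 uses a different security handshake")
    count = data[12]
    if count == 0:
        raise ValueError("server refused the connection")
    types = list(data[13:13 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    rest = data[13 + count:]
    # With VNC Authentication the server sends a random 16-byte challenge;
    # the viewer returns 16 bytes derived from it and the password.
    challenge = rest[:16] if SEC_VNC_AUTH in types and len(rest) >= 16 else None
    return {"version": (major, minor), "types": types, "challenge": challenge}

def assess(info: dict) -> list:
    """Turn the parsed handshake into findings for a firewall/VPN review."""
    findings = []
    if SEC_NONE in info["types"]:
        findings.append("security type None offered: no password required")
    if SEC_VNC_AUTH in info["types"]:
        findings.append("VNC Authentication: only a challenge response is sent")
        findings.append("traffic after login is unencrypted: use the VPN")
    return findings

# Constructed sample streams (not captured from a real server).
SAMPLE_AUTH = b"RFB 003.008\n" + bytes([1, SEC_VNC_AUTH]) + bytes(range(16))
SAMPLE_OPEN = b"RFB 003.008\n" + bytes([2, SEC_NONE, SEC_VNC_AUTH])

if __name__ == "__main__":
    for name, stream in (("auth", SAMPLE_AUTH), ("open", SAMPLE_OPEN)):
        info = parse_server_handshake(stream)
        print(name, info["version"], info["types"], assess(info))
```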
 