Thursday, October 25, 2007


TightVNC is an enhanced version of VNC, a remote desktop application and that lets you control your home computer while your at school. There's a bit of technical information involved but it's fairly easy to set up and once you know your home computer's IP Address, you're good to go.

However be warned that usually VNC applications not secure:

Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk. To solve this problem, we plan to work on built-in encryption in future versions of TightVNC.

In the mean time, if you need real security, we recommend installing OpenSSH, and using SSH tunneling for all TightVNC connections from untrusted networks.
The security risk is that it's possible for somebody to eavesdrop your keyboard strokes as you transmit them through the internet:
'Decoding' the packet stream isn't all that difficult. The information entered into fields is transmitted as text inside the packet. Usernames, passwords, credit card information, etc. will all be visible to a hacker who is looking for it. Please don't think I am down on VNC. I think it is a great tool and I use it all the time, both securely and insecurely. I think it is important to remember that VNC does not provide a security mechanism other then the encrypted password. It's also important to remember that most of the Internet (web, email, chat, news, etc) are insecure. You wouldn't give your credit card on the web without HTTPS (encrypted, secure web page) would you?
So if somebody knows that you have VNC running and knows what they're doing, they could steal something like your bank account password when you log into the bank website--but why would you be remoting to your home computer to do online banking?

The real bonus is when you can use this is within a closed network; I work on three computers at my school. I have two office computers and a classroom computer. All of them are easily described as ghetto so I usually work on the less ghettolicious computer and have VNC installed on the other two. So from the comfort of one desk I can remote to either computer, transfer files, and do what ever I want.

No comments: