I just ran a simple test because your question got me curious. Running VNC I
was able to capture and view every password that went across the wire in
plain text, right there in my netmon capture. Windows logon, VNC connection
establishment, all of them. Using PPTP I must decrypt the data first.
If your outside network "expert" thinks PPTP is extraordinarily insecure,
ask him what he thinks plain text is... It might be time for a better
"expert" ;-)
This is as an aside to the fact that PPTP and VNC is an apples to oranges
comparison, remote access as opposed to remote control.
HTH
Wes Noonan, MCSE/MCT/CCNA/CCDA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
[EMAIL PROTECTED]
http://www.bmc.com
-----Original Message-----
From: Eric Johnson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 08, 2001 22:06
To: [EMAIL PROTECTED]
Subject: VNC vs PPTP
Our outside network expert thinks that Microsoft's PPTP is
extraordinarily insecure. Yet, he uses VNC extensively to monitor
systems. I found out today that he has installed it on at least one
of our computers.
I tried VNC a couple of years ago and concluded that it did not
seem secure enough to use and so I haven't done anything with it
since then.
I'm not saying that PPTP is safe, but that the vulnerabilities are
fairly limited as far as I can tell and that to me, it certainly appears
safer (and more useful) than VNC.
Does anyone know the relative safety of VNC and PPTP? Or is
there any way to adequately compare them?
Eric Johnson
--------------------
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
