Hi Terry,
with VNC the password for connection is transmitted encrytet, the normal network traffic for the session is send in cleartext over the nework.
And normally, when the VNC-Server is running on a maschine, they use a weak pw like admin or something else.
So if you get an internal Audit, they will probably sniff the network.............
You can make VNC more secure using ssh (read here : http://www.uk.research.att.com/archive/vnc/sshvnc.html ), but i never tried this. So no experience for this.
With pcAnywhere you can set encrytion for session and logon only possible using accounts from Local Administration Group and/or net work/domain group. so without a valid login you have no access to the pcAnywhere session or the Server.
as we have had an audit last year, they had no problems with pcAnywhere and mentioned settings , but they searched the whole network for running VNC-Servers or Sessions and tried to hack..............
I'm clearly no friend of such products (pcAnywhere and VNC), cause they have their own problems too and sometimes their own securitywholes on board.
but better using such a product than pending the whole day during datacenter and desk or have my desk in the datacenter.
only my experience i have made in the past with audit's and VNC / pcAnywhere..................
Roland
|
"TheItMan" <[EMAIL PROTECTED]> Sent by:
16.02.2004 00:42
|
To: <[EMAIL PROTECTED]> cc: (bcc: Roland Schmid/BBL/MS/PHILIPS) Subject: RE: [SA-list] Problem with SA and W3K/Terminal Server Service Classification:
|
-
Roland,
Why was having Win VNC a problem with a security audit ?
And you said PCAnywhere would be OK ?
Please expand on this.
Terry (TheItMan)
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, February 13, 2004 3:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Problem with SA and W3K/Terminal Server Service
But there are a lot of companies, which have to follow special security guidelines and are monitored from time to time from auditors...... :-(
In that case i would recommend not to use VNC and buy a solution like pcAnywhere.
VNC found in a security Audit would be a bigger problem than buy 2 licenses of pcAnywhere for example..............
Have this happen once in the past.
just my 2cent
Roland
Stuart Brereton <[EMAIL PROTECTED]> Sent by: 13.02.2004 09:44
| To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> cc: (bcc: Roland Schmid/BBL/MS/PHILIPS) Subject: RE: [SA-list] Problem with SA and W3K/Terminal Server Service Classification: |
A VERY cheap solution would be RealVNC. Its free from www.realvnc.com,
and has programs for windows, linux and apple. All you need to do is install
the 'server' on the box you want to manage (it can be installed as a service)
and then on the PC from which you are going to manage the other box from
install the clent. Then just type in the name or IP address of the
box and enter the password that you set - away you go!
I do this to a few servers, one running windows 2000 and the other running
windows 2000 server.
Hope this helps
-----Original Message-----
From: Ferrell, Jim [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 7:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Problem with SA and W3K/Terminal Server Service
>From what I have read. We would need SA running on a Win 2003 Server,
and would have to use the Windows remote desktop client v5.2.3790.
Does that sound correct?
Jim Ferrell
EDS - Allison Transmission
Mail Stop M-12A
4700 W 10th St
Indianapolis, IN 46222
(
phone: +01-317-242-0034 (8-252)
+ mailto:[EMAIL PROTECTED]
Cell phone: 317-716-4541
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dirk Bulinckx
Sent: Thursday, February 12, 2004 11:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Problem with SA and W3K/Terminal Server Service
Are you testing it TO an Win2003?
Dirk.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 5:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Problem with SA and W3K/Terminal Server Service
Under Win2K, the following command ( ==> start mstsc.exe /console. ) is accepted and brings up my TS session but I do not see the Servers Alive icon in the System Tray althought doing a mstsc /? shows /console to be a valid option.
Any one else try it from Win2K??
Rusty Tripp
Levi Strauss & Co.
-----Original Message-----
From: Jason Passow [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 9:10 AM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Problem with SA and W3K/Terminal Server Service
With win 2003 you can connect to the console session using terminal services. This is what you must do.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 8:52 AM
To: [EMAIL PROTECTED]
Subject: [SA-list] Problem with SA and W3K/Terminal Server Service
Hi,
I've running SA 4.1on a W3K-Server starting as a Service.
According to the fact, that the box is running in the Datacenter, i connect
using the Terminal Server Service.
Using this connection, i have no SA-Icon and I have to start SA a second
time to get the Icon and are able to configure.
This will bring up several curious Alerts or things like that, alerting
for things, which are ok and some other things.
Login at the Server directly will bring up the Icon automatically after
Logon and everything is ok.
Any Ideas ?
Thanks and kind regards
Roland Schmid
