Megan Golding wrote:

On Wed, 2003-01-29 at 13:08, Marty wrote:

My question is simple: is the latest version of VNC better than the
previous ones, and should we allow our tech group to use it to take
control of our machines (servers and workstations)...

I highly suggest running VNC over an SSH tunnel -- it doesn't noticeably
degrade VNC performance and adds the security element VNC seems lacking.

When run this way, VNC is no riskier than SSH...in which case I would
have no problem with a tech group using it for remote administration.


Well, enforcing the VNC-over-ssh with port filtering would definitely fit the bill, IMO, but that adds a (small) layer of work on top of it. The issues with VNC seem to mostly be:

--trivially encoded passwords, with a well-known/reversible hash and salt
--the simple ability to brute-force the password

In investigating VNC, I also found that you can (somewhat) mitigate the latter problem by enforcing a "lockout after $num failed attempts."

-g

--
Glen Mehn [EMAIL PROTECTED]
Systems Administrator MyVest, LLC



