On Thu Apr 26, 2007 at 12:06:11PM -0600, Skingley, Gordon wrote:
> Hi,
>
> can someone help me with a couple of questions please:
>
> 1. Does VNC have an audit trail to log a VNC users remote control
> activity ?
>
No, the connection is logged but after that any activities are
indistinguishable from those of a local user, so activities can't be
audited.
> 2. Can a VNC user disable the need for the receiving computer to have
> to allow the caller access. That is can the caller take remote control
> of a computer without the users permission ?
>
If the server's set to prompt before accepting connections then there's
nothing the client can do to override that, no. If the server isn't set
up this way then a caller could connect without the users permission.
> 3. Are there any security risks with VNC that I should be aware of ?
>
The free version of VNC does no encryption of the data stream, so this
could be captured & any keypresses or data displayed on screen could be
extracted. The Personal & Enterprise editions do have built-in
encryption, and there's plenty of external options for setting up
encrypted tunnels so the free version can be securely used.
There's also a security hole in versions 4.1 and 4.1.1 which allow a
client to bypass the server security (so no password is required). This
is fixed in the current (4.1.2) release.
HTH,
Robin
--
___
( ' } | Robin Hill <[EMAIL PROTECTED]> |
/ / ) | Little Jim says .... |
// !! | "He fallen in de water !!" |
[demime 1.01d removed an attachment of type application/pgp-signature]
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
