Hello: I now have a reliable RealVNC connection to my father's Windows machine from my Mac.
But at this point, it has become difficult for my father to remember to reliably click an icon to start the VNC server, so... At the moment, I'm running the RealVNC server in Service Mode... using the default ports and (because my own IP changes from time to time) with Access Control set to accept any/all connections.

I'm aware that this is a security risk and am hoping to make changes to reduce that risk. But my understanding of 'how it all works' and how a computer can be exploited is minimal, so I throw myself at your mercy and hope that some few of the following questions might be answered here. (By the way, I don't think, at this moment, I have enough skill to set up an SSH tunnel, so I am excluding that from consideration... even if it might be the most secure option.)

My questions are these:

- Do open ports - in and of themselves - constitute a security risk even if there is no program listening on them? Or, stated another way, if the VNC server is *not* running is there a risk in having port 5900 open? This is pertinent because I could open ports via a web remote access service to initiate a VNC session, then close the ports at the end of the session - OR - I could start and stop the VNC server via the same web service. But I don't know which - if either - would be an effective means of reducing risk.

- Would assigning VNC service to another port well outside the range of the normal default (5900) offer any additional protection from an 'obscurity' standpoint?

- My father's IP changes with almost every reconnect. Does this represent any advantage in terms of obscurity?

- My own IP changes at the discretion of my ISP also, but usually falls within a range of xxx.yyy.999.99, where xxx.yyy are pretty constant. Can I configure Access Control to accept VNC connections only within that range without specifying the actual originating viewer IP? The documentation isn't clear to me on this point.

- Finally, I would be happy to spend the money necessary towards the RealVNC 'Enterprise' version, but given all of the above, I'm uncertain it affords any more security 'between sessions' - that is, with ports open and the server running... which is what would be most convenient for me as the 'default' condition. That when my father is simply using the computer normally, the VNC ports would be open and the server running so I could gain access readily at any time.

Sorry to be so windy... but I figure the answers to these questions are more likely to be here as anywhere else. Thanks in advance for any or all of them.

Peter B.

--
PS - I am on a dialup at a max of 24K yet can still reliably access my Dad's PC and do 'useful work' there... which I find little short of amazing. I'm grateful for the ability to do so.
