  1. gottspd
       #1  
    Howdy.

    I have installed Palm VNC and various desktop versions of VNC on my desktop. I've been told that it's not very secure to use VNC without a VPN (which I cannot currently do) because the data is being passed unencrypted...

    Do you guys do it anyway?

    Your thoughts?
  2. #2  
    Greetings:

    We use a firewall to restrict access to port 5900 for the Sprint Vision IP range.

    Thank you.
    =====================
    Peter M. Abraham
    Dynamic Net, Inc.
    http://www.dynamicnet.net/
  3. #3  
    Can the default Windows Firewall be set up to only allow the Cingular IP address range? What would Cingular's IP range be? I just started using Palm VNC and boy do I love it!.. but the security is quite an issue. Any extra security advice will be most welcome.
  4. #4  
    We also change the default port from 5900 to something else, not much but one more thing.
    PalmIII > PalmIIIx > PalmIIIxe > TRGPro > Handera 330 > Zire71 > Treo600 > Treo650 > Treo680 > Treo750 > Centro > TreoPro > iPhone 32GB 3GS

  5. #5  
    Both of the suggestions do address security concerns but the primary reason for tunneling VNC over SSH or a VPN is because VNC is a plain-text protocol. With a MITM (Man in the middle) attack one could reconstruct the data/screen by sniffing/reconstructing the RFB packets across the VNC port. The authentication mechanism for VNC is fairly secure. Weak passwords in conjunction with brute-force attacks (much like with SSH) are the real issues you need to be concerned with. It's doubtful someone will be sniffing packet data on the route from your phone to your VNC server.

    Changing the default port to something in the high port range (greater than 32768 TCP), only allowing the netblock for your carrier (can be found from ARIN), and using strong passwords are most likely your best available route of security.

    If you could use a VPN, great. I'd love to wrap my VNC session over SSH but the palm client just doesn't exist.
  6. #6  
    Hi cesium,

    Can you please explain the procedure for doing the net block? I can get the ip range from ARIN but have no idea what program to use for the net block.
  7. #7  
    I work in security which either makes me overly paranoid, or knowledgeable about the subject, or most likely both. I use VNC to connect to my home machine from my work machines, and I'd never do it if I wasn't tunneling through SSH.
    iPhone in the Washington DC area.
  8. #8  
    Quote Originally Posted by AnteL0pe
    I work in security which either makes me overly paranoid, or knowledgeable about the subject, or most likely both. I use VNC to connect to my home machine from my work machines, and I'd never do it if I wasn't tunneling through SSH.
    I'm with you on that one. I'd rather err on the side of caution.
  9. #9  
    Quote Originally Posted by nutrigm
    Hi cesium,

    Can you please explain the procedure for doing the net block? I can get the ip range from ARIN but have no idea what program to use for the net block.
    You'd configure your firewall to perform ingress filtering blocking all traffic where sport=any dport=5900 proto TCP except the netblock range you want to permit. This depends on the firewall software you are using and if it is capable of using CIDR notation.

    The below images show how to do this on the XP SP2 firewall. The key is the 'Change Scope' button.
    Attached Images
    Last edited by cesium1024; 01/17/2006 at 10:42 AM.
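
One way to check that the scope restriction described in post #9 is actually being enforced, as an added example that is not part of the original thread: it audits firewall log lines for TCP connections to the VNC port from outside the permitted netblock. The netblock (an RFC 5737 documentation range), the sample log lines, and the assumed field order (date time action protocol src-ip dst-ip src-port dst-port, as in the Windows Firewall log) are all constructed for illustration.

```python
import ipaddress
from collections import Counter

VNC_PORT = 5900  # default VNC port discussed in the thread
# Constructed placeholder netblock standing in for the carrier range
# you would look up at ARIN.
ALLOWED_NETBLOCKS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2006-01-17 10:01:02 OPEN TCP 198.51.100.23 192.0.2.10 41022 5900 -
2006-01-17 10:03:40 DROP TCP 203.0.113.77 192.0.2.10 50111 5900 48
2006-01-17 10:03:41 DROP TCP 203.0.113.77 192.0.2.10 50112 5900 48
2006-01-17 10:04:05 OPEN TCP 203.0.113.9 192.0.2.10 50200 5900 -
2006-01-17 10:05:00 DROP UDP 203.0.113.9 192.0.2.10 137 137 78
2006-01-17 10:06:00 OPEN TCP 198.51.100.23 192.0.2.10 41030 80 -
"""

def in_scope(src_ip):
    """True if src_ip falls inside one of the permitted CIDR netblocks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOWED_NETBLOCKS)

def audit(log_text, port=VNC_PORT):
    """Return (leaks, blocked): connections to the port that were allowed
    from outside the netblock, and a per-source count of dropped attempts."""
    leaks, blocked = [], Counter()
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blanks and header lines
        fields = line.split()
        if len(fields) < 8:
            continue  # malformed or truncated line
        date, time, action, proto, src, _dst, _sport, dport = fields[:8]
        if proto != "TCP" or dport != str(port) or in_scope(src):
            continue
        if action == "DROP":
            blocked[src] += 1  # filter worked; repeated hits suggest probing
        else:
            leaks.append((f"{date} {time}", src, action))  # scope not enforced
    return leaks, blocked

if __name__ == "__main__":
    leaks, blocked = audit(SAMPLE_LOG)
    for when, src, action in leaks:
        print(f"SCOPE NOT ENFORCED: {action} from {src} at {when}")
    for src, n in blocked.most_common():
        print(f"blocked {n} attempt(s) from {src}")
```

Any entry in `leaks` means the firewall accepted a VNC connection from an address outside the permitted range, so the scope setting should be rechecked.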
  10. #10  
    cesium,

    I have the Windows XP firewall. Which one do you recommend, if any other?

    Antelope,
    I thought SSH does not work with Palm? If it does, can you please explain or give me a link on how to set it up?
  11. #11  
    Quote Originally Posted by nutrigm
    cesium,

    I have the Windows XP firewall. Which one do you recommend, if any other?

    Antelope,
    I thought SSH does not work with Palm? If it does, can you please explain or give me a link on how to set it up?
    See my edit to my previous post, sorry, I didn't read earlier where you had the Win32 firewall.

    Palm does have an SSH v1/v2 client (TuSSH/pSSH), however, SSH tunneling isn't supported (AFAIK). This means the only "solution" would be over a VPN connection (which would add additional latency and overhead). Then you get into PPTP versus IPSEC :P
  12. #12  
    sorry cesium, didn't see u attached pictures too.

    yup, I'm on my treo :P
  13. #13  
    yeah I was considering VPN too but now that you mention it the latency issue definitely bites. it's pretty slow as it is.

    Thanks a lot for the help. I will test it tonight and let you know.
