Securing VNC Question. RC 18

[ipsec]

http://ultravnc.sourceforge.net/Evident ... 20V1.2.pdf

The above link doesnt seem to work, I was just interested in some ideas on how to secure my stream so that my un and password isnt sent plain text over the net to my server computer. In turn giving someone a method to have fun.

If this link continues to be down, does anyone have some suggestions on what you can do. And I dont exactly have the ability to create my own dll for the security plugin so I was looking for some settings and or way within the base RC 18 version that allows me to do so.

[ipsec]

Does anyone here do something special for connections?

Im not looking for someone to walk me through it just give me some ideas so my pw for the user and group isnt sent over the inet and is pretty much able to be picked up on with packet sniffer programs (ethereal and many many others)...

Does anyone do something special for security?

Is this something that if I used the repeater I could secure it better? .....

Thanks for any help in advance.

[joefu]

There is many ways to secure UltraVNC.

1. You can use open SSH to create an encrypted tunnel into your network. Then you can have UltraVNC use this tunnel.
2. You can use VPN to connect into your network.
3. Or you can even use the plugin "MSRC4Plugin.dsm" to encrypt your data. This pluggin does work with the repeater service.

[ipsec]

I will have to research the ssh tunnel. Sounds interesting.. I use putty to connect to telnet enabled devices... wonder what could connect to vnc..?

VPN client would be nice but its just my house and I dont want to spend money for just lil ol me..

I also looked in the wrong area for the security plugin.. in the faq and the downloads area not the main page....

But.. I still wish the faq document was there then I wouldnt bug people with this.

Regarding the plugin (thanks for the info I found it on main page)
Is there any way to know you are using it besides the fact that it is selected on the server / viewer as a plugin? Does this plugin kick in at authentication or does it wait until a successful login? Only reason I ask is there is a reg file that im not sure if I am supposed to add to registry or just leave it there... but i guess trial and error will get this for me.

Kind of a dumb questions but just ensuring I understand the process..

[PogiFitz]

The document you are looking for is available on the EvidentData.com website:

http://evidentdata.com/2003/EvidentData ... 20V1.2.pdf

However, the description it gives for installation of the plugin is pretty obvious anyway. It is more useful for the description of configuring Zebedee for use with UltraVNC.

[vampiro]

if you have a router you can set up VPN on that

[MarkB]

Please forgive the naivety of this question, but I know very little about networks or encryption. However, I'd like to know about the relative merits of using the MSRC4Plugin versus one of the means of tunnelling (i.e. SSH via PuTTY, or Zebedee) in terms of the degree of security they provide.

I use UltraVNC in my office where I deal with confidential healthcare information, so security is paramount. I use a d-link router/firewall at both server and client locations in combination with software firewalls (Norton Personal Firewall).

Besides the level of encrytion they provide, I'd like to know of any other vulnerabilities introduced using by using either UltraVNC with the RC4 plugin alone compared with those of a tunnelling technique, i.e. the relative safety of forwarding ports of the tunnelling client compared with those of the VNC client.

Thanks in advance for your help!