Some questions about security

[IceWolf]

Hi everyone,

I recently installed UltraVNC on my desktop pc and laptop.
Yesterday I read on the forum that a connection between 2 machines can be exploited. ([topic=12596][/topic])
I have BitDefender Internet Security 10 (which contains a firewall) installed on my desktop pc and Norton Antivirus 360 (also with firewall) installed on my laptop.

Now, I have 2 questions concerning the security of my pc and laptop:

1) If I connect my laptop to my pc or otherwise, am I enough protected against possible explotation (virusses, worms,...)? Or can I take extra measurements for more protection?
2) Suppose I make my pc/laptop an UltraVNC Server and I connect to it, from a computer which doesn't have anti-virus software installed on it. Is my pc/laptop then enough protected against possible contamination from the other pc (the one without anti-virus software on it)?

Thanks in advance!

[nobody3]

1) If I connect my laptop to my pc or otherwise, am I enough protected against possible explotation (virusses, worms,...)? Or can I take extra measurements for more protection?

you can take extra steps for your protection make a VPN between the laptop and the desktop and expose the open ports of ultra vnc on the vpn only. i recommend using openvpn ( http://www.openvpn.org ) because it is totally free, runs on winxp and linux but there are other ways also like ssh tunnels and openssl tunnels ( http://www.openssl.org ) , stunnel ( http://www.stunnel.org ) . both are essentially same - secure tunnels

2) Suppose I make my pc/laptop an UltraVNC Server and I connect to it, from a computer which doesn't have anti-virus software installed on it. Is my pc/laptop then enough protected against possible contamination from the other pc (the one without anti-virus software on it)?

yep as long as you dont transmit malware file knowingly or unknowingly to the server. vnc will only allow screen updates and trasnfering of files can be disabled.

[nobody3]

another thing : using 2 overlapping security suites will generally result in some kind of problems down the road, so i recommend removing either bitdefender or norton 360 and keep using the other one

[IceWolf]

Hi,

Thanks for the quick answer nobody3.
I'm not so familiar with VPN and OpenVPN, so I am doing some research about it, before I will install OpenVPN.
I have an idea of how OpenVPN and UltraVNC work together, but I'm not quite sure if this is right...
This is the way I think it works:
I can use OpenVPN to make an encrypted tunnel through the internet from my pc to my laptop(or vice versa).
I can then let UltraVNC establish a connection through this tunnel from my laptop to my pc(or vice versa). In this way both my pc and laptop are more protected, then using only the UltraVNC connection without the encrypted tunnel.
As I said before, I am still doing some research about this, but could you please tell me if my assumption is correct or not?

yep as long as you dont transmit malware file knowingly or unknowingly to the server. vnc will only allow screen updates and trasnfering of files can be disabled.

But what if I have to transfer files from the pc, without anti-virus software on it, to my pc...
Will my antivirus software (on my pc) automatically scan the transferred files or do I have to do that manually later on?

As for your remark on deleting one of my 2 anti-virus programs:
I use my desktop pc at home and my laptop when I'm at College, so both my pc and my laptop need anti-virus software installed on them...

Thanks in advance!

[nobody3]

I can use OpenVPN to make an encrypted tunnel through the internet from my pc to my laptop(or vice versa).
I can then let UltraVNC establish a connection through this tunnel from my laptop to my pc(or vice versa). In this way both my pc and laptop are more protected, then using only the UltraVNC connection without the encrypted tunnel.
As I said before, I am still doing some research about this, but could you please tell me if my assumption is correct or not?

yep and i would add the following :

when you are using ultravnc open ports that are open to the internet you are just opening your self for future attacks. with openvpn you can hide the open ports behind a http proxy if you want for more security and access control


also open vpn with x.509 certs will do 2 way auth ie the server will validate the client and the client will validate the server which is much better than ultra vnc encryption... which will just validate the client to server. you dont know to which server you are connecting to! ( hypnotically you could be connecting to a malicious server that would store your user name and password and then disconnect you. )

so just by using openvpn you have increased considerably

But what if I have to transfer files from the pc, without anti-virus software on it, to my pc...
Will my anti virus software (on my pc) automatically scan the transferred files or do I have to do that manually later on?

if you have anti virus on any one of the computer ( server or client ) and you are using that to scan weather automatically or manually. also if you have anti virus on both computers that would be ideal ( and recommended )


if you can have anti virus on only one computer then i recommend that you put the antivirus on the server as it much better

[IceWolf]

Hi,

Thanks again for the quick response nobody3!

I have a question concerning vpn: when I create a VPN connection between my pc and laptop, does this connection needs to stay 'online' constantly? Or do I have to establish this VPN connection every time I want to use UltraVNC between my pc and laptop?

when you are using ultravnc open ports that are open to the internet you are just opening your self for future attacks. with openvpn you can hide the open ports behind a http proxy if you want for more security and access control

As I said before, I use my laptop when I'm at College and my desktop pc when I'm at home.
I'm not planning on connecting (via UltraVNC) from my laptop to my pc regurarly. This will only happen sporadic.
I only start the UltraVNC server and viewer when I want to make a connection, the rest of the time,
the UltraVNC Server on my desktop pc and UltraVNC viewer on my laptop are turned off.
So I suppose that as long as my desktop pc is switched off, my Open ports in UltraVNC are no more connected to the Internet
and so I'm less vulnerable for attacks.
Could someone please tell me if this is right?

also open vpn with x.509 certs will do 2 way auth ie the server will validate the client and the client will validate the server which is much better than ultra vnc encryption... which will just validate the client to server. you dont know to which server you are connecting to! ( hypnotically you could be connecting to a malicious server that would store your user name and password and then disconnect you. )

Because I'll use an UltraVNC connection only sporadic, I wonder if a vpn is not a little bit to professional.
Does an encryption plugin in UltraVNC (like AESv2) would protect me enough for my sporadic use of an UltraVNC connection?

if you have anti virus on any one of the computer ( server or client ) and you are using that to scan weather automatically or manually. also if you have anti virus on both computers that would be ideal ( and recommended )

I'm sorry but I don't actually understand what your trying to say...Could you please rephrase this so I better understand what your trying to say?

I know these are a lot of questions, but I will be so pleased if anyone can give me an answer to them.
Thanks in advance!