VNC Security

Tabvla
Senior Member with 385 posts.
 
Join Date: Apr 2006
Location: London, England
Experience: Advanced
25-Sep-2008, 05:08 AM #1
VNC Security
Question: Is it possible to really make VNC secure?

I am currently looking at a technology that uses a loopback Localhost (127.0.0.1) connection together with Blowfish encryption to secure a VNC session.

The procedure appears to be secure but I don't have sufficient practical knowledge of VNC to assess whether this solution really is 100% failsafe.

Below is an overview of the solution. Comments from those with practical VNC experience would be most appreciated.

TiA

Overview of the VNC Secure Procedure

1. This procedure provides a secure wrapper around VNC operation.

2. VNC is configured so that it will only accept connections from localhost (127.0.0.1). This means that there are no open ports on to the Internet or LAN and that VNC will only accept connections from the computer on which it is hosted. There is no requirement to modify your firewall to forward VNC port requests to your computer. The software acts as a proxy running on a localhost connection with VNC. There are no inbound open ports.

3. All communication between the VNCViewer and the WinVNC server are encrypted using Blowfish with a 128-bit encryption key. This communication includes both the authentication of the VNC connection as well as all of the screen/mouse/keyboard updates.

4. Unlike the normal VNC server, the Share cannot be operated remotely and does not support unattended sessions. It requires the presence of a person on the Share computer to accept the session request from the person doing the Access.

5. Each time a session is executed a unique 12-digit Access Code is generated for the session. This Access Code is hashed to generate the 128-bit encryption key used by Blowfish. Thus, each session has a different encryption key. This is unlike VNC in which the same authentication password is used for each connection.

6. Because there are no open ports on the client computers, the process is protected from SYN floods or other forms of DOS attacks. This would, for example, be possible with a traditional VNC server which opens a port through the firewall and sits there listening on a port. Since we don't require open TCP ports that anyone on the net can connect to (i.e. open to SYN flood attacks), we're not vulnerable. We provide extra protection for the Share which is executing WinVNC because we allow only loopback (localhost on 127.0.0.1) connections. It is impossible for an outside computer to connect directly to WinVNC.
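A way to verify point 2 of the overview on the Share machine, as an added example that is not part of the original post or the product's own code: it parses `netstat -ano` output and reports any VNC listener bound to an address other than loopback. The sample output is constructed, and the default VNC port ranges (5900-5999 for RFB, 5800-5899 for the HTTP viewer) are an assumption about how the server is configured.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       2044
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:5901      0.0.0.0:0              LISTENING       3120
  TCP    [::1]:5900             [::]:0                 LISTENING       2044
  TCP    [::]:5902              [::]:0                 LISTENING       3300
  TCP    192.168.1.20:49712     203.0.113.7:80         ESTABLISHED     2044
"""

# Assumption: default VNC port ranges (RFB 5900-5999, HTTP viewer 5800-5899).
VNC_PORTS = set(range(5900, 6000)) | set(range(5800, 5900))

# Matches only TCP sockets in the LISTENING state; IPv6 hosts appear in brackets.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_vnc_listeners(netstat_text, ports=VNC_PORTS):
    """Return (address, port, pid) for VNC listeners not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, UDP, or a socket that is not listening
        host = m.group(1).strip("[]").split("%")[0]  # drop brackets and zone id
        port, pid = int(m.group(2)), int(m.group(3))
        if port not in ports:
            continue
        # 0.0.0.0 and :: mean "all interfaces", so they count as exposed.
        if not ipaddress.ip_address(host).is_loopback:
            findings.append((host, port, pid))
    return findings


if __name__ == "__main__":
    for host, port, pid in exposed_vnc_listeners(SAMPLE_NETSTAT):
        print(f"VNC port {port} is reachable on {host} (PID {pid})")
```

An empty result on the real machine is what point 2 claims; any entry means the VNC server is listening beyond localhost regardless of what the wrapper does.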
lunarlander
Senior Member with 1,329 posts.
 
Join Date: Sep 2007
26-Sep-2008, 03:16 PM #2
Can you elaborate on point 4? How does the remote person request access to the 'share'? Since you say in point 6 that there are no open ports, then how does a remote person request access?
Tabvla
Senior Member with 385 posts.
 
Join Date: Apr 2006
Location: London, England
Experience: Advanced
27-Sep-2008, 06:09 AM #3
Good question LunarLander

I will run some tests on that and see exactly how the "share" is initiated.
Tabvla
Senior Member with 385 posts.
 
Join Date: Apr 2006
Location: London, England
Experience: Advanced
03-Oct-2008, 06:12 AM #4
Hi LunarLander

Further investigation indicates that the following procedures are in place.

A VIPtunnel through HTTP using port 80 is used. For Peer to Peer and UDP traffic a randomly selected port above 1024 is used. A secure server sits between the shares. This server uses WinVNC and VNCViewer to facilitate the communication.

The emphasis seems to be on semantics wherein a "secure connection" is differentiated from a "secure system". To quote from the documentation....

".... an open port is required for a peer-to-peer connection but this connection is one-way in the outbound direction..... once the connection is made it is very secure..... if all ports are locked down then a relay connection is used which does not require any open ports..."

My lack of in-depth knowledge of VNC prevents me from accurately assessing as to whether this procedure is secure or just "smoke-and-mirrors".

T.
All times are GMT -5.