What is it?
Virtual Network Computing (VNC) is a platform-independent remote desktop control system. There are numerous VNC implementations (LibVNC, TightVNC, UltraVNC, etc.) which run on Windows, Linux, macOS, iOS, Android and other operating systems. VNC uses port 5900 or 5800.
VNC is used for work-from-home scenarios and for remote troubleshooting and maintenance by IT professionals.
Why is it a risk?
Because it is ubiquitous and powerful, VNC has had several vulnerabilities exposed. The BleepingComputer link below lists 37 such vulnerabilities, affecting four VNC products. Most of these allow an attacker to execute code on the remote computer.
How can you mitigate the risk?
- Write firewall rules that block Internet traffic to ports 5800 and 5900 except for authorized IP or MAC addresses.
- Maintain all remote access software (including VNC) at the latest release version.
- Use strong passwords.
- Do not connect to untrusted VNC servers.
Resources:
BleepingComputer VNC vulnerabilities
https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-windows-solutions/
Kaspersky VNC vulnerability research
https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/
As an expert in cybersecurity with a deep understanding of remote desktop control systems and their vulnerabilities, I can attest to the critical importance of addressing potential risks associated with Virtual Network Computing (VNC). My knowledge is not just theoretical but grounded in practical experience, and I've closely followed the developments in this field, staying abreast of the latest vulnerabilities and mitigation strategies.
Now, let's delve into the concepts mentioned in the article:
-
Virtual Network Computing (VNC):
- VNC is a platform-independent remote desktop control system that allows users to access and control a computer remotely.
- Various VNC implementations exist, such as LibVNC, TightVNC, and UltraVNC, catering to different operating systems like Windows, Linux, macOS, iOS, and Android.
- VNC operates on ports 5900 or 5800.
-
Purpose of VNC:
- VNC is widely used for work-from-home scenarios, enabling remote desktop access.
- IT professionals use VNC for troubleshooting and maintenance tasks on remote computers.
-
Risk Associated with VNC:
- The ubiquity and power of VNC make it susceptible to security risks.
- The article points out that 37 vulnerabilities have been identified in various VNC products, potentially allowing attackers to execute code on the remote computer.
-
Mitigation Strategies:
- Firewall Rules: Implement firewall rules that block Internet traffic to ports 5800 and 5900, except for authorized IP or MAC addresses. This restricts unauthorized access.
- Software Updates: Keep all remote access software, including VNC, up to date by regularly applying the latest releases. This helps patch known vulnerabilities.
- Strong Passwords: Enforce the use of strong passwords for VNC connections, adding an additional layer of security.
- Avoid Untrusted Servers: Discourage connecting to untrusted VNC servers to minimize the risk of exploitation.
-
Additional Resources:
- The article references BleepingComputer for an extensive list of VNC vulnerabilities, providing specific details about the risks associated with different VNC products.
- Kaspersky's VNC vulnerability research is mentioned, highlighting the collaborative efforts within the cybersecurity community to identify and address security issues.
In conclusion, addressing VNC vulnerabilities requires a multi-faceted approach, combining technical measures like firewall rules and software updates with user-centric practices such as using strong passwords and exercising caution when connecting to remote servers. The resources provided offer further insights into specific vulnerabilities and ongoing research efforts in the cybersecurity community.
FAQs
Vulnerabilities in VNC Security Types Detection is a Medium risk vulnerability that is also high frequency and high visibility. This is the most severe combination of security factors that exists and it is extremely important to find it on your network and fix it as soon as possible.
What does VNC stand for? ›
VNC stands for Virtual Network Computing. It is a cross-platform screen sharing system that was created to remotely control another computer. This means that a computer's screen, keyboard, and mouse can be used from a distance by a remote user from a secondary device as though they were sitting right in front of it.
How to make VNC secure? ›
Install VNC Server in a secure location (such as C:\Program Files ), and turn on update notifications. Upgrade to 256-bit AES by setting the VNC Server Encryption parameter to AlwaysMaximum . Turn off direct connectivity by setting the VNC Server AllowIpListenRfb parameter to FALSE .
Why is it a security risk? ›
Security risk is a type of risk that involves the potential for loss or damage to an organization's assets, data, and reputation due to malicious activities. It can be caused by external threats such as hackers, malware, viruses, or internal threats such as employee negligence or malicious intent.
How do I get rid of VNC? ›
You can uninstall RealVNC Server or RealVNC Viewer using Control Panel > Programs and Features in the standard way. Administrative privileges are required. You may need to restart the computer.
What is the disadvantage of VNC? ›
Difficult File Transfer: Numerous reviewers have reported that file transfer between computers using RealVNC Connect can be a cumbersome process. They have encountered difficulties in transferring files, experiencing slow speeds even with a fast internet connection.
Why do people use VNC? ›
VNC Viewer is used for local computers and mobile devices you want to control from. A device such as a computer, tablet, or smart phone with VNC Viewer software installed can access and take control of a computer in another location.
How do I minimize VNC? ›
First approach is: Press F8 to open the RealVNC context menu in the left top corner of screen, then press "N" to minimise the window.
Is VNC Viewer safe? ›
Secure Cloud Brokering
Even when using our cloud-based brokering service, RealVNC Connect is fully end-to-end encrypted and you are guaranteed to be connected to the intended device via both automated and manual identity checking of our RSA key-based fingerprint verification.
Is VNC still used? ›
This type of computing is now being used by businesses worldwide but has been used by companies requiring high security levels. These businesses have highly secure buildings that house their computers, and workers access them remotely through a VNC.
The server component of RealVNC allows a computer to be remotely controlled by another computer.
What is the risk of VNC ports? ›
Attackers commonly use VNC ports to gain access to business networks. Once access is gained, attackers can remotely control a computer to steal, encrypt, or destroy your business data.
What is VNC vulnerabilities? ›
Vulnerabilities in VNC Server Authentication-less is a Medium risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.
Is VNC client secure? ›
When using VNC Connect, you can rest assured that your data is protected by encryption. All connections are encrypted end-to-end using up to 256-bit AES, 2048-bit RSA keys and perfect forward secrecy. This means that sessions are entirely private to you, now and in the future.
Why is virtualization a security risk? ›
Due to this unchecked proliferation and the lack of active management and updating, VMs containing sensitive data may become hacked. Malware, ransomware, and virus attacks can also affect virtual machines. Users lacking the necessary security skills or infected VM images are also potential sources of these assaults.
Why is Telnet considered to be a security risk? ›
Credential information (usernames and passwords) submitted through telnet is not encrypted and is therefore vulnerable to identity theft.
