
Remote access in real life

Lessons from the front line


VNC

As a highly popular open source application that has existed for over a decade, VNC exists in many variants. To go truly in depth about how to tweak or configure every version of VNC would take far more than a single article. Instead I will address generalities that apply to most versions of VNC that you are likely to encounter.

The most important thing to consider about VNC is security. While VNC can be used to start a new session, far and away its most popular use is to share a GUI between the person sitting at the computer and someone remote accessing it. In many versions, the default configuration of VNC only asks for a simple password before sharing your desktop with whoever happens to be asking. There are no password complexity requirements and you don’t need to know a username.

In almost every incarnation, VNC comes preconfigured to allow someone to remote into the system without first asking permission of the user currently using it. There are plug-ins and extensions for most maintained variants of VNC that can and do address almost any security concern you could raise, but these are not default items.

When considering VNC as the remote access solution to your problems, take your bandwidth and CPU speed into consideration. Most VNC variants are designed to ensure that you get some form of connection, regardless of bandwidth. The trade-off is generally one of server-side CPU for bandwidth.

If you are using VNC over a LAN, I heartily recommend turning off any and all compression. Uncompressed or RAW VNC will provide the fastest and best experience, but at the cost of a fair amount of bandwidth.

Make sure VNC hooks into the OS properly. VNC can work in two ways: as a video driver on your system, or by “scraping” the existing video driver for display information. As you might suspect, “scraping the screen” is a very slow way to go about things. In Linux, most distributions can and do offer versions of VNC that integrate tightly with X11. These can provide near-RDP speeds, though they are often a pain to configure. If you are looking at using VNC on Linux for more than just casual administration, I would seriously consider taking the time to configure a properly X11-integrated variant. The same holds true in Windows; most modern Windows VNC variants offer a “mirror driver” or “hook DLL.” These install as video drivers in Windows and are the only way to make VNC under Windows anything other than frustratingly painful.

Another item that can apply to quite a few VNC implementations is that sometimes your mouse cursor can disappear. This often happens when you are using a VNC client version that doesn’t quite speak the same language as that on the server. In this case there will be an option in the client somewhere to let the server control the cursor. Once you tick that, the mouse will seem choppy and laggy, but you will at least be able to see it.

Teamviewer

In general, Teamviewer does exactly what it says on the tin. There is obviously a lot of testing and development going into this product, and this polish is reflected in the stability and reliability of the application. That said, there are quite a few small design elements that have tripped me up over time.

Teamviewer has a “quick support” version, essentially a self-contained executable that users can download and run; they give you the GUID and password, and you can then remote into their systems. One of the issues with this (especially if you are used to using Teamviewer in Host Mode) is that you can’t minimise it into the system tray. If you bring up the application from the taskbar when you are already connected, there is only one button: the one that shuts down the app and boots you out. If you happen to be slamming around the system trying to get things done quickly, a small bit of clickitis on your part easily leads to an embarrassing phone call to the user asking them to fire up the app again.

Another feature that “works as intended,” but upon which I have stumbled numerous times is that of remotely rebooting your host. The issues that surface are again ones of habit and clickitis. Teamviewer (even the “quick support” version) offers you the ability to reboot your target into either safe mode or normal mode. Teamviewer will start itself and be ready for you to connect when the system comes back up. This only works if you use the menu in the Teamviewer client on your side to reboot the target system, not the target operating system’s native restart button.

In addition, if you have more than one support individual connected to the target, Teamviewer will helpfully inform the other support member that you have requested a reboot. If they hit “no” then neither of you can initiate a reboot request until the Teamviewer server is closed and restarted.

As always with any product, I heartily recommend taking the time to do research and lab testing before full deployment. It is vital to get to know not only the bugs and incompatibilities, but the security risks and UI idiosyncrasies that are posed by a product simply “working as designed”. ®
