Feeds

Remote access in real life

Lessons from the front line

  • alert
  • submit to reddit

3 Big data security analytics techniques

VNC

As a highly popular open source application that has existed for over a decade, VNC exists in many variants. To go truly in depth about how to tweak or configure every version of VNC would take far more than a single article. Instead I will address generalities that apply to most versions of VNC that you are likely to encounter.

The most important thing to consider about VNC is security. While VNC can be used to start a new session, far and away its most popular use is to share a GUI between the person sitting at the computer and someone remote accessing it. In many versions, the default configuration of VNC only asks for a simple password before sharing your desktop with whoever happens to be asking. There are no password complexity requirements and you don’t need to know a username.

In almost every incarnation, VNC comes preconfigured to allow someone to remote into the system without first asking permission of the user currently using it. There are plug-ins and extensions for most maintained variants of VNC that can and do address almost any security concern you could raise, but these are not default items.

When considering VNC as the remote access solution to your problems, take your bandwidth and CPU speed into consideration. Most VNC variants are designed to ensure that you get some form of connection, regardless of bandwidth. The trade-off is generally one of server-side cpu for bandwidth.

If you are using VNC over a LAN, I heartily recommend turning off any and all compression. Uncompressed or RAW VNC will provide the fastest and best experience, but at the cost of a fair amount of bandwidth. Make sure VNC hooks into the OS properly.

VNC can work in two ways: as a video driver on your system, or by “scraping” the existing video driver for display information. As you might suspect, “scraping the screen” is a very slow way to go about things. In Linux, most distributions can and do offer versions of VNC that integrate tightly with X11. These can provide near RDP speeds, though they are often a pain to configure. If you are looking at using VNC on Linux for more than just casual administration, I would seriously consider taking the time to configure a properly X11 integrated variant. The same holds true in Windows; most modern Windows VNC variants offer a “mirror driver” or “hook dll.” These install as video drivers in windows and are the only way to make VNC under windows anything other than frustratingly painful.

Another item that can apply to quite a few VNC implementations is that sometimes your mouse cursor can disappear. This often happens when you are using a VNC client version that doesn’t quite speak the same language as that on the server. In this case there will be an option in the client somewhere to let the server control the cursor. Once you tick that, the mouse will seem choppy and laggy, but you will at least be able to see it.

Teamviewer

In general, Teamviewer does exactly what it says on the tin. There is obviously a lot of testing and development going into this product, and this polish is reflected in the stability and reliability of the application. That said, there are quite a few small design elements that have tripped me up over time.

Teamviewer has a “quick support” version, essentially a self-contained executable that users can download, give you the GUID and password and you then can remote into their systems. One of the issues with this, (especially if you are used to using Teamviewer in Host Mode) is that you can’t minimise it into the system tray. If you bring up the application from the taskbar when you are already connected, there is only one button: the one that shuts down the app and boots you out. If you happen to be slamming around the system trying to get things done quickly, a small bit of clickitis on your part easily leads to an embarrassing phone call to the user asking them to fire up the app again.

Another feature that “works as intended,” but upon which I have stumbled numerous times is that of remotely rebooting your host. The issues that surface are again ones of habit and clickitis. Teamviewer (even the “quick support” version) offers you the ability to reboot your target into either safe mode or normal mode. Teamviewer will start itself and be ready for you to connect when the system comes back up. This only works if you use the menu in the Teamviewer client on your side to reboot the target system, not the target operating system’s native restart button.

In addition, if you have more than one support individual connected to the target, Teamviewer will helpfully inform the other support member that you have requested a reboot. If they hit “no” then neither of you can initiate a reboot request until the Teamviewer server is closed and restarted.

As always with any product, I heartily recommend taking the time to do research and lab testing before full deployment. It is vital to get to know not only the bugs and incompatibilities, but the security risks and UI idiosyncrasies that are posed by a product simply “working as designed”. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.