18th July 2011
plexter

I recommend you don't forward VNC traffic at all. VNC traffic is not secure by default and all info including passwords is sent in clear text.

Instead I recommend setting up either OpenVPN or SSH w/ port forwarding enabled. SSH is by far the easier of the two to implement.

The idea is to tunnel your VNC Viewer through your SSH tunnel, thus protecting it.

I won't bother posting links as Google will show you many examples.

This (SSH) would allow:

1. A secure connection from anywhere via SSH
2. Through SSH there are many features to control how users are able to connect

Some examples being:
Code:
LoginGraceTime
MaxAuthTries
MaxStartups
Port XXXX <-- this will help avoid scripted scans

3. Fewer rules in your PF.conf

Read here for more on SSH:
http://www.openbsd.org/cgi-bin/man.c...ry=sshd_config

Cheers!
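Added example, not part of the original post: a small shell check that reports the effective global value of the sshd_config keywords named above, plus AllowTcpForwarding, which the tunnel depends on. The function names, sample config, host name and port numbers are constructed for illustration, and the parser assumes whitespace-separated "Keyword value" lines.

```sh
#!/bin/sh
# Client side of the tunnel the post describes (host and ports are constructed):
#   ssh -N -L 5901:127.0.0.1:5900 user@gateway.example   then point the viewer at 127.0.0.1:5901

# sshd uses the FIRST value it sees for a keyword, and keywords are
# case-insensitive. Lines after the first "Match" are conditional, so the
# scan for global settings stops there.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }          # end of the global section
        key == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

audit_sshd() {  # usage: audit_sshd FILE ; prints one line per keyword
    for kw in Port LoginGraceTime MaxAuthTries MaxStartups AllowTcpForwarding; do
        val=$(sshd_effective "$1" "$kw")
        case "$kw:$val" in
            *:)                    echo "$kw: unset (sshd default applies)" ;;
            Port:22)               echo "$kw: 22 (default port, hit by scripted scans)" ;;
            AllowTcpForwarding:no) echo "$kw: no (the VNC tunnel cannot be forwarded)" ;;
            *)                     echo "$kw: $val" ;;
        esac
    done
}

# Constructed sample config; the values are illustrative, not recommendations.
sample_config() {
    cat <<'EOF'
# sshd_config (constructed sample)
Port 2222
port 22
LoginGraceTime 30
MaxAuthTries 3
Match User backup
    MaxStartups 2
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp"
rm -f "$tmp"
```

In the sample, the second "port 22" line is ignored because the first value wins, and the MaxStartups line inside the Match block does not count as a global setting.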