Stalemate
May 19th, 2003, 04:41 PM
WINDOWS 2000 PROFESSIONAL
SECURE VNC FOR REMOTE CONTROL
Virtual Network Computing (VNC), a free remote control application available from AT&T, lets you remotely access and control computers running a variety of operating systems, including Windows, UNIX, and Macintosh. You might be running VNC to remotely access Windows systems in your network, or perhaps even using it to manage your servers.
VNC isn't very secure in the default installation because it allows access from any client IP address. Restricting access to specific addresses helps you control who can access a computer remotely. To create authorized hosts lists, you must modify the registry by following these steps.
First, open the Registry Editor on the VNC server and open this registry key:
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3
Next,
1. Create a new REG_SZ value named AuthHosts.
2. Add address entries, separated by colons, to control access. Use the format <char><address>, where <char> is either plus [+] (allow access), hyphen [-] (deny access), or question mark [?] (display a confirmation dialog box at the server, prompting to allow or deny).
For example, you would use the following value to allow connections from all addresses in the 192.168.0.x subnet, deny the address 192.168.0.5, and query for the address 192.168.0.8:
+192.168.0:-192.168.0.5:?192.168.0.8
You can add a DWORD value named QueryTimeout to specify the length of time VNC will wait for someone to accept or reject a connection attempt at the server. You can also add a DWORD named QuerySetting and set it to a value between 0 and 4 to correspond with these settings:
0 - Accept +, Accept ?, Query -
1 - Accept +, Accept ?, Reject -
2 - Accept +, Query ?, Reject - (This is the default.)
3 - Query +, Query ?, Reject -
4 - Query +, Reject ?, Reject -
Setting up a list of authorized connections is just one way to add security to VNC for connections to your Windows 2000 computers. You can also restrict VNC to a VPN port to ensure encryption. For more information on configuring VNC settings, see the online documentation at AT&T's Virtual Network Computing Web site. http://www.uk.research.att.com/vnc/winvnc.html
NOTE: Before making any registry edit, be sure to first back up the registry so that you can restore it if something goes wrong.
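Added example (not part of the post above and not code from the VNC project): a small Python checker that shows what an AuthHosts string combined with a QuerySetting value would do for a given client address, so a list can be reviewed before it goes into the registry. It assumes that later terms override earlier ones, that templates match on whole dotted-octet boundaries, and that a client matching no term is treated as "+"; the function names and the client list are made up for the example.

```python
# Added example, not from the post or the VNC project.
# Assumptions: later terms override earlier ones, templates match on whole
# dotted-octet boundaries, and a client matching no term is treated as "+".

ACCEPT, QUERY, REJECT = "accept", "query", "reject"

# QuerySetting table from the post: value -> outcome for (+, ?, -) terms.
QUERY_SETTING = {
    0: (ACCEPT, ACCEPT, QUERY),
    1: (ACCEPT, ACCEPT, REJECT),
    2: (ACCEPT, QUERY, REJECT),  # default per the post
    3: (QUERY, QUERY, REJECT),
    4: (QUERY, REJECT, REJECT),
}

def parse_auth_hosts(value):
    """Split an AuthHosts string into (marker, template) pairs."""
    terms = []
    for raw in value.split(":"):
        if not raw:
            continue  # tolerate a trailing or doubled colon
        if raw[0] not in "+?-":
            raise ValueError(f"term {raw!r} must start with +, - or ?")
        terms.append((raw[0], raw[1:].rstrip(".")))
    return terms

def template_matches(template, ip):
    """An empty template matches every client; otherwise match leading octets."""
    return not template or ip == template or ip.startswith(template + ".")

def decide(auth_hosts, ip, query_setting=2, unmatched="+"):
    """Return accept/query/reject for one client IP."""
    marker = unmatched  # assumed behaviour for clients that match no term
    for term_marker, template in parse_auth_hosts(auth_hosts):
        if template_matches(template, ip):
            marker = term_marker  # assumed: the last matching term wins
    return QUERY_SETTING[query_setting]["+?-".index(marker)]

def audit(auth_hosts, clients, query_setting=2):
    """Map each client IP to the outcome the list would produce."""
    return {ip: decide(auth_hosts, ip, query_setting) for ip in clients}

SAMPLE = "+192.168.0:-192.168.0.5:?192.168.0.8"  # value from the post
CLIENTS = ["192.168.0.20", "192.168.0.5", "192.168.0.8", "10.1.1.1"]  # constructed

if __name__ == "__main__":
    for ip, outcome in audit(SAMPLE, CLIENTS).items():
        print(f"{ip:15} {outcome}")
```

Under the unmatched-accept assumption, an address outside every listed template is still let in unless the list starts with a bare "-" term, so check how the installed WinVNC version treats unmatched clients before relying on the list as an allow list.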