VNC (Virtual Network Computing) is a cross-platform thin client technology originally developed by Olivetti Research Labs in Cambridge, England, who were later acquired by AT&T. VNC works on a client/server model: A VNC viewer (or client) is installed on the local computer and connects to the server component, which must be installed on the remote computer. The server transmits a duplicate of the remote computer's display screen to the viewer. It also interprets commands coming from the viewer and carries them out on the remote computer.
VNC is platform independent and is compatible with any operating system. Computers must be networked with TCP/IP and have open ports allowing traffic from the IP addresses of devices that may need to connect.
VNC is a graphical desktop sharing system that uses the RFB protocol to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network. VNC consists of a client, a server, and a communication protocol.
The VNC server is the program on the machine that shares its screen.
The VNC client (or viewer) is the program that watches and interacts with the server.
The VNC protocol (RFB) is very simple, based on one graphic primitive from server to client ("Put a rectangle of pixel data at the specified X,Y position") and event messages from client to server.
vncserver is used to start a VNC desktop. vncserver is a Perl script which simplifies the process of starting an Xvnc server. It runs Xvnc with appropriate options and starts some X applications to be displayed in the VNC desktop. vncserver can be run with no options at all. In this case it will choose the first available display number (usually :1), start Xvnc as that display, and run a couple of basic applications to get you started.
The software is distributed in two parts. The first is the server that sits on the host machine, and the second part is a client that connects to the server and allows the user of the client software to view the desktop of the remote system. The client can either be a standalone application or a Java application executed by using a web browser to connect to a simple web server that is part of the VNC server application. VNC consists of 5 programs:
vncviewer - this is the VNC viewer, or client, program for X.
vncserver - this is a wrapper script which makes starting an X VNC server more convenient. It is written in Perl, so to use the script you need that.
vncpasswd - this program allows you to change the password used to access your X VNC desktops. The vncserver script uses this program when you first start a VNC server.
vncconnect - this program tells a running instance of Xvnc to connect to a listening VNC viewer.
Xvnc - this is the X VNC server - it is both an X server and a VNC server. You normally use the vncserver script to start Xvnc.
There are a number of steps that can be taken to harden the default installation of VNC.
Preventing Unauthorised Configuration Changes: By default, WinVNC stores its configuration in the registry under HKEY_LOCAL_MACHINE\ORL\WinVNC3. By default all users are granted modify rights to this branch. This should be changed so that only the administrator can make changes to the registry entries. This would prevent a user from making changes that could further weaken system security.
Protecting Communications: As has already been seen, the communications between the client and server are not protected. This can be overcome by tunnelling the VNC session over a more secure protocol. This could be achieved by the use of VPNs, SSH or SSL.
Limit Connections: Under Microsoft Windows the registry key AuthHosts can be used to limit the range of IP addresses that can connect to the server. When used with the QuerySetting option, this enables you to limit which client machines can connect to the server.
Correctly Handle Multiple Connections: In a default installation a server only allows a single client to be connected to the server at any one time. However, the behaviour of the server can be modified when a second client attempts to connect. There are three possible connection modes: the first mode kills the original session and allows the second client to connect (which is the default state); the second mode allows all connections to stay connected; and the third mode denies all new connections whilst a session is currently in progress. The ConnectPriority value is used to define which behaviour should be adopted. Use of the third mode is recommended to prevent a DoS attack being performed against a running session.
Close All Inactive Sessions: To ensure that a user is not left logged on unnecessarily, it is recommended that under Windows the LockSetting value is set so that a user is logged off when disconnecting from the server. Under UNIX, the server should be set to die when a client disconnects.
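The Windows-side hardening steps above, gathered into one script. This is an added example, not code from the original page or from the VNC project; it assumes the registry key path as the text gives it, and the AuthHosts pattern format and the ConnectPriority and LockSetting value meanings as documented for WinVNC 3.3, which should be checked against the documentation for the installed version (the sample subnet is constructed).

```powershell
# Added example: lock down WinVNC's registry configuration on Windows.
# Assumptions (check against the docs for your WinVNC version):
#   - key path as given in the text; many installs use HKLM:\SOFTWARE\ORL\WinVNC3 instead
#   - AuthHosts is a colon-separated pattern list: '+' allow, '-' deny, '?' ask the local user
#   - ConnectPriority: 0 = disconnect existing client, 1 = keep all, 2 = refuse new (recommended)
#   - LockSetting: 0 = nothing, 1 = lock workstation, 2 = log off on disconnect (recommended)
#Requires -RunAsAdministrator

$KeyPath       = 'HKLM:\ORL\WinVNC3'
$AllowedPrefix = '192.168.10.'          # constructed sample: the management subnet

if (-not (Test-Path $KeyPath)) { throw "WinVNC key not found at $KeyPath" }

# 1. Preventing unauthorised configuration changes: drop inherited and existing ACEs, then
#    grant Full Control only to Administrators and SYSTEM and read-only access to Users.
$acl = Get-Acl -Path $KeyPath
$acl.SetAccessRuleProtection($true, $false)
foreach ($rule in @($acl.Access)) { $null = $acl.RemoveAccessRule($rule) }
$inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
foreach ($admin in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule(
        $admin, 'FullControl', $inherit, $prop, $allow)))
}
$acl.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule(
    'BUILTIN\Users', 'ReadKey', $inherit, $prop, $allow)))
Set-Acl -Path $KeyPath -AclObject $acl

# 2. Limit connections: deny everything, then allow only the management subnet.
Set-ItemProperty -Path $KeyPath -Name 'AuthHosts' -Type String -Value "-:+$AllowedPrefix"

# 3. Correctly handle multiple connections: refuse new clients while a session is active,
#    so a second client cannot knock the existing session off (the default behaviour).
Set-ItemProperty -Path $KeyPath -Name 'ConnectPriority' -Type DWord -Value 2

# 4. Close all inactive sessions: log the user off when the viewer disconnects.
Set-ItemProperty -Path $KeyPath -Name 'LockSetting' -Type DWord -Value 2

# Verify: show the resulting ACL and the three values so the change can be audited.
(Get-Acl -Path $KeyPath).Access |
    Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize
Get-ItemProperty -Path $KeyPath | Select-Object AuthHosts, ConnectPriority, LockSetting
```

Run it from an elevated PowerShell prompt and restart the WinVNC service afterwards so the new values are read.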
There are numerous business benefits to using VNC for access to remote systems, but there are also a number of risks that need to be managed. In particular, potential procurers of VNC need to be aware that VNC does not provide security for sensitive information. As with most software, there are bugs and vulnerabilities in VNC that have been discovered by the security community. As a result of this, it is vital that relevant sites (such as http://www.uk.research.att.com/vnc) are monitored to ensure that the most up-to-date version is used.