Secure VNC Screen Sharing

VNC stands for Virtual Network Computing. VNC is a remote display system which allows you to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and on a wide variety of operating systems. Figure 6 illustrates secure VNC screen sharing, implemented through SecureCRT® local and remote port forwards. This traveler uses a VNC viewer on his laptop to remotely control his desktop back at the office. To do so, he creates a local port forward, mapping port 5900 on the localhost to 5900 on the remote desktop running VNC.

Figure 6: Secure VPN Screen Sharing

Although there are many programs that enable screen sharing, VNC is convenient because it runs on multiple platforms: Win32, Linux, Solaris, Macintosh, DEC, and WinCE. Because VNC provides only weak user name password authentication and no encryption, tunneling VNC over Secure Shell is critical. Using Secure Shell products like SecureCRT and VShell give the network administrator granular control over remote screen sharing. Workers can be strongly authenticated with public keys, certificates, or two-factor authentication methods like SecurID. VShell® filters control which desktops can be accessed through VNC ports, and which workers have permission to do so. The firewall can block VNC ports, while allowing Secure Shell to reach the VShell server. The VShell server acts as a single point of control over VNC access to this corporate network.