Reply to post:

RealVNC distances itself from factories, power plants, PCs hooked up to password-less VNC


Many security audits use a long list of best practices as a starting point. VNC is one of those checkboxes (protocol flaws, lack of brute force protection, default blank passwords - all from early days and long since resolved in major distros), so you will get something back like

Issue: VNC running on system XYZZY

Best Practice: Remove VNC

If you need the utility, you'll need to provide the analysis showing how those early issues with VNC no longer apply or are mitigated. In a previous company, I did this a few times by requesting the reason for VNC being on the list and then point by point showing how these didn't apply or were mitigated in the version/environment/configuration we had it in. Much of this information to do this you can pull straight from the documentation of your distribution.

Have fun doing this over again at subsequent audits also :-p

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019