Can TigerVNC be used securely, today?

[a-raccoon]

As far as I'm aware, all VNC software is insecure unless encapsulated and used within a secure VPN or other form of tunneling (ie, SSH). Can somebody with adequate knowledge confirm or deny that TigerVNC is inherently insecure and should never be used on its own?

Is it within the framework of TigerVNC to make it a stand-alone secure product?

[MarkMielke]

I think that depends on your requirements? It sounds like you are looking for a single solution that does both remote display and gateway security perhaps to allow staff to access on premise compute from home? TigerVNC does not seek out to solve the gateway security problem. It does have some built in security features that might be components of a complete solution, but TigerVNC on its own is not a complete solution. You would have to come up with the solution yourself and decide which components to use, or which components to provide yourself.

[a-raccoon]

No. I'm not asking for any additional features beyond what TigerVNC is intended to DO. My question is whether it can accomplish those features in a secure way, on its own. Can a person host a TigerVNC Server on the WAN, and not be immediately hacked because the passwords are only 8 characters long, or due to other security weaknesses inherent in design. Or should TigerVNC be kept far far away from public networks (ie: port forwarding through NAT gateway, etc).

[MarkMielke]

From the web site: "TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), a client/server application that allows users to launch and interact with graphical applications on remote machines."

For your specific questions:

1. "Can a person host a TigerVNC server on the WAN, and not be immediately hacked ...?"

Sure. But, all solutions have vulnerabilities. I suspect most solutions cannot be "immediately" hacked, unless they are particularly bad.

2. "... the passwords are only 8 characters long"?

No. There are several security plugins available. Choose the one that meets your requirements. If you use PAM, then you can provide your own authentication mechanism.

3. "... or due to other security weaknesses inherent in design."

Like what? Even security applications like SSH have security weaknesses inherent in design. If you have a specific concern, you can check it. If you are asking for security consulting, then it would be required to do a detailed review of your requirements.

4. "Or should TigerVNC be kept far far away from public networks (ie: port forwarding through NAT gateway, etc.)."

I use VNC as my primary method of working every single day. However, it is not on its own a complete solution that will automatically meet all security requirements. I'm not sure that any product would meet this criteria. What are you trying to compare it to?

[a-raccoon]

I guess I'm too ignorant to the protocol and design to comment competently. I'm going by people telling me that VNC is insecure, and TigerVNC has to be insecure in order to be compatible with other VNCs. And that we should never expose a VNC to the WAN interface otherwise the network will be immediately breached.

I would like to imagine that installing TigerVNC, it would be secure out of the box, and be able to allow passwords longer than 8 characters, and would prohibit brute-force hammering to guess the password in 5 hours if somebody ever discovered the port through a port scan.

If there are insecure elements, they should probably be removed from the project; compatibility bedamned. Or make the insecure elements very difficult to locate under advanced settings.

I don't know why you believe I want to compare VNC to anything else. I just want a safe, secure, authentication hardened VNC that's free standing without being co-dependent on other software. You are mistaken to think that I want anything that isn't already functionally TigerVNC.

Can TigerVNC be used securely, today? On its own. By itself.

[a-raccoon]

Can TigerVNC be used securely, today? On its own. By itself.

[MarkMielke]

What is the other product these people are trying to sell as "secure, today, on its own"? :-)

Security isn't easy. If their claim is that TigerVNC cannot be secured, or that it is only valid if it can provide security as a stand-alone product, then I think they are purposefully limiting their imagination as a means of eliminating TigerVNC from being a candidate. With this strategy, you could write off any solution you are not in favor of.

I'm truly curious what this end-to-end solution all on its own is. Alternative candidates like Citrix, VDI, or NX are also not end-to-end. At the very minimum you typically need an external identity management system with strong password enforcement, which TigerVNC is capable of doing. We also use multi-factor authentication with TigerVNC for a particular use case that deserves greater security.

But something being possible, might still not be accessible. You would need people who are willing and able to design a TigerVNC based solution to meet your requirements. If they are not willing, you are stopped before you begin.

[bphinz]

Based on previous tickets that you've filed, I'm assuming that you are specifically asking about the Windows server component of TigerVNC, and if that's the case I would advise against exposing it on the internet. The 8-character password limit that you are referencing only applies to one particular authentication method available in the RFB protocol, and the flaws and limitations of that auth type have been extensively documented on the internet. The protocol is extensible and as @MarkMielke mentioned, there are many auth types considered to be secure. Unfortunately, most of these are only applicable to the TigerVNC unix implementation (eg: PAM auth doesn't make sense in a Windows context). We really don't have the manpower or expertise to port many of the features available in the unix server over to our Windows server.

If there are insecure elements, they should probably be removed from the project; compatibility bedamned. Or make the insecure elements very difficult to locate under advanced settings.

Perhaps. I'm not even sure how many people would be impacted if we just dropped the Windows server component altogether, but as far as implementing better authentication methods in it goes, that's not going to happen without somebody stepping up and doing (or funding) the development work.

I just want a safe, secure, authentication hardened VNC that's free standing without being co-dependent on other software. You are mistaken to think that I want anything that isn't already functionally TigerVNC.

There are other VNC products out there, UltraVNC in particular is a very robust Windows-centric implementation that might better suit your needs. TigerVNC heavily favors unix environments.

Can TigerVNC be used securely, today? On its own. By itself.

Unix server? yes. Windows server? probably not...

[a-raccoon]

Ok. Thank you.