
UltraVNC/Port access via Zone Alarm

Old 30th Jan 2008, 18:58
  #1 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
UltraVNC/Port access via Zone Alarm

To use this I have to open a particular range of ports via ZA. Forgive silly question, but if I open the ports for a 'genuine' access request, can a malicious hacker gain access while they are open or would it trigger another deniable request in ZA?
BOAC is offline  
Old 30th Jan 2008, 19:18
  #2 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,393
Received 250 Likes on 167 Posts
The ports may be open, but is there anything besides VNC listening?

Assuming that these are high number ports that nothing else is using, then you are pretty safe.

SD
Saab Dastard is offline  
Old 30th Jan 2008, 19:37
  #3 (permalink)  
 
Join Date: Jan 2008
Location: The Land of Beer and Chocolate
Age: 56
Posts: 798
Likes: 0
Received 0 Likes on 0 Posts
I would say that any open port is a hazard, as you don't know if the naughty people will try and use these ports to get access as they will sniff out any open port to "attack".

Can't remember if ZA allows it or not, but can you tell it to only allow these ports to be accessed by ultraVNC only so anything else trying to use these ports gets blocked?
hellsbrink is offline  
Old 30th Jan 2008, 20:11
  #4 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Yes, the ports are high.

The other computers are 'IP allowed' in ZA.

I have 'Internet Zone' set to high security and 'trusted zone' (where the 'OK' other machines are IP'd) set to medium.

Anyone used U-VNC with ZA?
BOAC is offline  
Old 30th Jan 2008, 21:08
  #5 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
If the access to the ports is coming from inside your own network, and isn't accessible from outside, the risk is tiny.

I have VNC running here, and only stuff on the network (including via the VPN) can access it. I'm comfortable with that.
Keef is offline  
Old 30th Jan 2008, 22:35
  #6 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Hmm! The reason I have set it up is so I can access via the internet as well as a home network - I guess that means a risk even if the ZA firewall is IP specified?
BOAC is offline  
Old 30th Jan 2008, 23:09
  #7 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
If you're accessing it from the Internet, is that via a VPN?

If so, your "accessing" PC will have an IP address on your network, and will be seen as "internal" to the network. Or that's how mine works, anyway.

It's therefore as secure as your VPN connection, which is pretty good if you set it up correctly.

Just make sure your router's security password is a good one (not the "default" from the manufacturer).

My router won't allow an external VPN connection to access the router control panel anyway. It's easy to get round that - I just VNC to the main desktop, then access the router from there. Two IDs and passwords needed.

All that stuff is in the logs anyway, so if anyone else started peeking inside, I could see who (and the IP address they came from).
Keef is offline  
Old 31st Jan 2008, 04:27
  #8 (permalink)  
 
Join Date: May 2002
Location: Cheshire, UK
Age: 56
Posts: 500
Likes: 0
Received 0 Likes on 0 Posts
It's a shame that with a freebie such as ZA you cannot specify your own rules by port number and/or direction - simply the option to open up the less well known ports over 1394.

Not used the UltraVNC product but other similar products for the same purpose. Was always able to tie them in on a specific port number when I used a purchased software firewall - I used Black Ice for several years.

Still very happy with ZA despite the lack of that ability.

Good advice from Keef re. the two-step process, passwords, and the restriction of not allowing the router to accept external VPN connections.

At the end of the day if your PC is up to date and you have both a router/hardware firewall and the PC software firewalled, you are keeping your exposure as minimal as practically possible.

As Keef also states, keep a check on your router log so you can have that added 'comfort factor' that no-one/nothing is getting in that is out of the ordinary.
Lost_luggage34 is offline  
Old 31st Jan 2008, 07:54
  #9 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Thanks guys - it will be an infrequent need to access from the internet and I guess I could take the risk. No VPN as I understand I need a fixed IP for that and I have only a 'floating' one from my ISP, although of course that does not change unless I cycle the router...................
BOAC is offline  
Old 31st Jan 2008, 09:31
  #10 (permalink)  
Hippopotomonstrosesquipidelian title
 
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes on 0 Posts
If you don't get your software sorted, Hamachi will give you hassle-free VPN. Logmein will give you remote sessions. Both are easy to set up and punch through firewalls.
Bushfiva is offline  
Old 31st Jan 2008, 10:28
  #11 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Thanks BF - Googling right now!

EDIT: Hamachi is nice/neat and looks pretty secure, but I don't want the hassle of having to set up shares on the host from elsewhere (unless I have misunderstood the prog) and 'logmein' seems to 'cut the mustard' by giving desktop access - and presumably is pretty secure as it routes through the logmein server? Thanks for the leads.
BOAC is offline  
Old 31st Jan 2008, 21:24
  #12 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
I've not used Logmein, but several folks I know reckon it's so good they've not bothered with VPN.
Keef is offline  
Old 2nd Feb 2008, 08:02
  #13 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Basic (free) Logmein does not allow file transfer, which is one of my major objectives.

Could the experts here please look at 'TeamViewer' which I have installed and run very successfully with a view to security? It appears to do all I want and there is a free version for non-commercial use.

If it gets a I will add it to SD's software sticky.
BOAC is offline  
Old 2nd Feb 2008, 11:05
  #14 (permalink)  
Hippopotomonstrosesquipidelian title
 
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes on 0 Posts
Basic (free) Logmein does not allow file transfer
But Hamachi does, which is why you use both :-) If you do have some kind of terminal aversion to Hamachi, install Skype on both machines (different account names, of course) and use that to transfer files.
Bushfiva is offline  
Old 2nd Feb 2008, 12:19
  #15 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Accepted, BF, but I am looking for a 'single unit' (Mrs B proof) option and I would appreciate any comments on security aspects from anyone who had time to download the small install prog. It looks pretty good, routing through the Teamviewer servers like logmein. File transfer is as simple as drag-and-drop.
BOAC is offline  
Old 2nd Feb 2008, 13:52
  #16 (permalink)  
Hippopotomonstrosesquipidelian title
 
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes on 0 Posts
Yes, Teamviewer is a fine product if you qualify for the free version. The paid versions are not particularly cheap. But as a product, it gets the job done.
Bushfiva is offline  
Old 2nd Feb 2008, 14:11
  #17 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
I don't know TeamViewer. My worry is that, however good their security, you are open to unknown attackers.

Do you ever switch off the modem/router on the ADSL you want to connect to? Has the IP address ever changed? My Pipex contract was "dynamic" IP, but it never changed in the years I was with them. My UKFSN one is static anyway, so the issue doesn't arise.

You may find that you can get away happily using a conventional VPN - which gives you all the flexibility you want to give it.
Keef is offline  
Old 2nd Feb 2008, 17:02
  #18 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Hi Keef - 'floating' IP - but as you say it only changes when the router reboots. The advantage I can see over UltraVNC is that it is only using port 80 (which is open anyway) whereas UV requires ports 5800-5900 open, and it does not require an IP address to establish contact.
BOAC is offline  
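
Added example, not part of any post in this thread: a check for the question raised in post #2 (what is actually listening on the opened ports), applied to the 5800-5900 range named in post #18. The `netstat -ano` sample, the PID map and the expected process name `winvnc.exe` are constructed assumptions.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:5850      0.0.0.0:0              LISTENING       2788
  TCP    192.168.1.10:5900      203.0.113.7:50122      ESTABLISHED     1432
  TCP    [::]:5900              [::]:0                 LISTENING       1432
"""
# Constructed PID-to-image map, as `tasklist` would report it.
SAMPLE_PIDS = {884: "svchost.exe", 1432: "winvnc.exe", 2788: "otherapp.exe"}

LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def audit_listeners(netstat_text, pid_names, lo=5800, hi=5900,
                    expected="winvnc.exe"):
    """Return one finding per TCP listener inside the opened port range."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP, or a non-listening connection
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if not lo <= port <= hi:
            continue  # outside the range the firewall rule opens
        name = pid_names.get(pid, "unknown")
        issues = []
        if name.lower() != expected:
            issues.append("unexpected process")
        if addr in ("0.0.0.0", "[::]"):
            issues.append("bound to all interfaces")
        findings.append({"addr": addr, "port": port, "process": name,
                         "issues": issues})
    return findings

def unexpected(findings):
    """Listeners in the range that are not the remote-access server."""
    return [f for f in findings if "unexpected process" in f["issues"]]

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_NETSTAT, SAMPLE_PIDS):
        print(f["addr"], f["port"], f["process"], ", ".join(f["issues"]) or "ok")
```
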
Old 3rd Apr 2008, 07:18
  #19 (permalink)  
Per Ardua ad Astraeus
Thread Starter
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes on 0 Posts
Update:
Still very content with 'TeamViewer' and now, to cater for the lesser-privileged, they have announced a version for 'Macs'.
BOAC is offline  
Old 3rd Apr 2008, 08:49
  #20 (permalink)  
 
Join Date: Apr 2003
Location: Lincolnshire
Age: 64
Posts: 2,278
Received 36 Likes on 14 Posts
The latest Teamviewer (Version 3.5.4011) now has inbuilt VPN support.

Without this cracking program, my family would have lots of computer problems unresolved, and I would have a lot more free time.
ZH875 is offline  
