Secure VNC?

[Tarello3003]

Hi, I’d like to use the VNC feature with OpenUEM, but at a company level I’d like to know how security is handled. Do you recommend disabling it? Which guide would you suggest to use it more responsibly?
Thanks for your work.

[doncicuto]

Hi, thanks for your question and for trying OpenUEM.

OpenUEM implements remote assistance with VNC in the following way. I assume that you're in a Windows environment and that the machine where you use a browser to open the console and the agent that will receive support are in the same LAN.

1. You must install a supported VNC server in your Windows machine. The VNC server should not be installed as a service, only the server binary would be needed. That way the server is not always listening and a VNC connection is started when needed.
2. The agent will detect that a supported VNC server is installed and inform OpenUEM server.
3. If you need to open a VNC sesión from the console, the console requests the agent to start a noVNC proxy that will listen for TLS connections from the noVNC JavaScript client that runs in the browser using secure web sockets.Once the proxy is ready if you try to open a connection the agent starts the VNC service with a PIN set as a password and using the loopback address if possible to receive the VNC protocol traffic from the browser.
4. When the session is stopped, OpenUEM agent stops the service and set a random PIN to avoid reconnections.

So, in essence the VNC traffic is encrypted between the browser and the proxy

Also the VNC password (PIN) is changed for every session.

This is the way I've tried to have the more secure VNC connection possible but maybe there are better ways or is not secure enough for your scenario.

RustDesk support will be added pretty soon (being tested) so maybe that alternative would help too

If you need more info don't hesitate to reach me through this discussion

Again, thanks!