


Depending on the software and its specific flaw, it might not even be necessary to handshake or establish a secure connection to exploit the vulnerability. But if the application has a vulnerability with how it's processing the initial request for communication, that vulnerability can be used to force the software to behave in ways it's not designed to. Usually the application will either accept or deny the request and close the communication. The security issue is due to the fact that an application will ingest any data you send to its open port. I just wanted someone to answer more than "just because", which has always been my own go-to answer. Note: I'm not asking about whether I should run an ipsec tunnel, or an SSH tunnel, or a VPN, or anything like that: I'm specifically asking whether RDP or VNC is the more secure in an open-port-through-the-firewall scenario. Edit: I want to thank people for their persistence in answering here, especially when I've appeared to be stubborn. My thinking is that a lot of the RDP vulnerabilities have been closed off, and using a non-standard port plus NLA should be at least as secure as a similar VNC setup, especially in light of November's round of CVEs for LibVNC? I'm considering setting up VNC, but my question is this: how much more insecure is using a modern implementation of RDP (Windows 10, in my case) vs using a VNC implementation, even a paid one like RealVNC? So I'm currently using Chrome Remote to connect to home, but I'm trying to wean myself off the Google ecosystem slowly.
