You are working from home and need to manage a Linux workstation in the office that is running a VNC server on TCP port 5900. The office firewall currently blocks all inbound traffic from the Internet. Which of the following actions would provide the BEST protection against eavesdropping while still allowing the remote session to occur?
Reduce the screen resolution in the VNC server to decrease bandwidth usage.
Create a port-forwarding rule on the office router to expose TCP 5900 to the Internet.
Disable all compression in the VNC client to lower latency.
Establish an SSH tunnel and direct the VNC client to connect to 127.0.0.1:5900.
VNC's Remote Frame Buffer (RFB) protocol is not encrypted by default. Tunneling the session through an SSH connection encapsulates all VNC traffic in SSH's encrypted channel, protecting screen data and credentials from interception. Simply forwarding port 5900 (choice B) or changing performance settings (choices C and D) does nothing to secure the traffic in transit.
References:
VNC - Security section (RFB is not secure by default; tunneling through SSH/VPN is recommended).
How to set up VNC over SSH - Xmodulo (describes creating an SSH tunnel to secure VNC sessions).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What encryption protocols can be used with VNC to secure connections?
Open an interactive chat with Bash
Why is data interception a concern for VNC connections?
Open an interactive chat with Bash
What alternatives to VNC are available for secure remote access?