Setting up VNC Connect for Maximum Security


VNC Connect is secure out-of-the-box. All connections are encrypted end-to-end, and by default remote computers are protected by a password or by system login credentials, depending on your subscription.

For an overview and links to whitepapers, penetration tests and more, see our dedicated security and compliance page.

There are many other security and privacy features you can enable. To configure VNC Connect for maximum security:

  1. Purchase an Enterprise subscription.
  2. When creating your RealVNC account, choose a complex, unique password (not one you use for any other online service).
  3. On the Security page of your RealVNC account, enable 2-step verification for yourself.
  4. If you wish to share remote access with other people:
  5. On each remote computer you want to control:
    • Install VNC Server in a secure location (such as C:\Program Files), and turn on update notifications.
    • Upgrade to 256-bit AES by setting the VNC Server Encryption parameter to AlwaysMaximum.
    • Turn off direct connectivity by setting the VNC Server AllowIpListenRfb parameter to FALSE. Establishing only cloud connections means you do not need to open any holes in firewalls.
    • Enable multi-factor authentication for VNC Server.
    • Restrict session permissions appropriately, perhaps to make particular users view-only.
    • Reduce the number of unsuccessful authentication attempts allowed by lowering the VNC Server BlacklistThreshold parameter.
    • Disconnect idle sessions earlier by lowering the VNC Server IdleTimeout parameter.
    • If the owner will be physically present when people connect, turn on connection approval.
    • If the remote computer is running Windows, turn on screen blanking.
    • Lock or log out the remote desktop when the last user disconnects by setting the VNC Server DisconnectAction parameter.
  6. Review connection audit logs on a regular basis.
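
One way to check a remote computer's VNC Server parameters against the list in step 5, as an added example rather than RealVNC's own tooling. It assumes the parameters have been exported as Key=Value text; the two numeric limits, the sample values and the accepted DisconnectAction values (Lock, Logoff) are assumptions.

```python
"""Audit VNC Server parameters against the hardening list (added example)."""
# Assumed: Key=Value text input; both limits are site policy, not RealVNC values.
MAX_BLACKLIST_THRESHOLD = 3
MAX_IDLE_TIMEOUT = 900  # seconds

WEAK_SAMPLE = """# constructed sample
Encryption=PreferOn
AllowIpListenRfb=TRUE
IdleTimeout=3600"""
HARDENED_SAMPLE = """# constructed sample
Encryption=AlwaysMaximum
AllowIpListenRfb=FALSE
BlacklistThreshold=3
IdleTimeout=600
DisconnectAction=Lock"""

def parse_params(text):
    params = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def _at_most(limit):
    # Non-numeric and zero are rejected (zero is assumed to mean "no limit").
    return lambda v: v.isdigit() and 0 < int(v) <= limit

CHECKS = {
    "Encryption": lambda v: v == "AlwaysMaximum",
    "AllowIpListenRfb": lambda v: v.upper() == "FALSE",
    "BlacklistThreshold": _at_most(MAX_BLACKLIST_THRESHOLD),
    "IdleTimeout": _at_most(MAX_IDLE_TIMEOUT),
    "DisconnectAction": lambda v: v in ("Lock", "Logoff"),  # assumed names
}

def audit(text):
    """Return {parameter: problem} for each setting that fails a check."""
    params, findings = parse_params(text), {}
    for name, ok in CHECKS.items():
        if name not in params:
            findings[name] = "not set, so the default applies"
        elif not ok(params[name]):
            findings[name] = "value %r fails the check" % params[name]
    return findings

if __name__ == "__main__":
    print(audit(WEAK_SAMPLE))
```

A parameter that is absent is reported rather than passed, because the page's advice is to change these settings from whatever the default is.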

Minimizing data stored by RealVNC in the cloud

We do not record remote access sessions, and never store remote computer passwords. We don’t store payment or credit card information either; that’s stored on our behalf by a PCI DSS-compliant vendor.

We do use our cloud service to store certain data if you:

  • Enable analytics when installing VNC Viewer.
  • Enable either analytics or update notifications when installing VNC Server.
  • Sign in to VNC Viewer in order to discover cloud-enabled computers or to sync your address book across devices.
  • Use On-Demand Assist, in which case we automatically record certain session events (not the sessions themselves) for review purposes.

See our privacy policy for what data is collected and where it is stored.

If you don’t want RealVNC to store any data at all in the cloud:

  1. Subscribe to a plan that includes offline licensing as an option.
  2. Don’t add the On-Demand Assist capability to your subscription.
  3. Only establish direct connections to remote computers.
  4. Disable analytics and update notifications for both VNC Viewer and VNC Server.
  5. Connect using VNC Viewer without signing in to it (your address book will not sync between devices).