Monday, November 17, 2014

Comparing the Security Policies for Session Sharing in VNC, NoMachine, NX, EoD and FastX

This white Papers Comparing the Security Policies for Session Sharing in VNC, NoMachine, NX, EoD and FastX was written by StarNet Communications 



Executive Summary 
Session sharing is the process where multiple users interact with the same desktop from remote systems. Security is a major issue in session sharing software as by its very nature shared sessions work around policy rules enforced by the operating system. However, the collaborative benefit of session sharing make it a valuable in modern day companies. Special care needs to be taken by session sharing software vendors to make a shared session as secure as it possibly can be as to limit the amount of damage, a mismanaged session can cause to an organization. There are currently five major session sharing software tools available for linux systems: VNC, NoMachine, NX, Exceed on Demand, and FastX.

VNC offers minimal security and its use is a major security hole to an organization. NX is the widely used predecessor to NoMachine which has a flawed default configuration granting clients unneeded access. NoMachine offers better security, but it has several features that can be exploited. Exceed on Demand is fairly secure, but its use of an access control list that retains client permissions can be exploited to spy on the session owner. FastX offers the best security allowing session sharing to be dynamically enabled/disabled as well as the use of a one time sharing key that disables sharing whenever the owner disconnects.


No comments: