VNC communication is insecure by default. So it is better not open VNC ports directly to internet. Here is a way to put the VNC service behind an SSH tunnel.
1. Suppose you have your VNC service started on a server with terminal number 7. If you open port 5907 to the world, you will be able to connect to your.vncserver:7 using your vnc client.
2. Now you can install putty, and create an ssh session to your vncserver. In the Connection->SSH->Tunnels, put in Source port, for example, 5901, and the destination localhost:5907, where 5907 is the port your vnc server listens to. Choose “Local” and “Auto”, click “Add”, you will see a line like “L5901 localhost:5908″ appears. Have this profile saved.
3. Now at any time you can load the profile, log in your account on the server using your ssh username and password. Once you logged in, you may bring up your VNCClient, put in localhost:1, where localhost:1 means that the vnc server is listening port 5901 on localhost. However, the SSH Tunnel PuTTY built up for you forwards all traffic to localhost:5901 to port 5908 on your server. Thus you can have your VNC session redirected.