The password exchange between the VNC client and server is always encrypted, however everything after that is not. This should be fine when remoting to a local computer on a secure network. When remoting over the Internet, though, you should make sure the entire connection is encrypted. This secures everything from hackers or eavesdroppers that may intercept the traffic while its traveling the information super highway.
One way to create a secure tunnel between the client and server, for the VNC traffic to travel within, is to establish a Secure Shell (SSH) connection between them. To do this, you must install a SSH server on the computers you want to remotely access, and a SSH client on the computers you want to connect from. In some cases, you might want to just install both on each computer. On Windows PCs you can download and use freeSSHd for the server and PuTTY for the client; both are GUI based. For the Linux, machines, try OpenSSH.
Before you start trying to make SSH connections, be sure to configure your router to forward the traffic and firewalls to allow it. The default SSH port is TCP 22. If connecting via the Internet, configure a port forward or virtual server entry (like discussed earlier for the VNC traffic) for this port on the router where the remote incoming computer is located. On both the server and client computers, open the port as discussed in the previous part.
After installing the SSH server, create private and public keys, and place them in the proper place. For the SSH servers on Linux, use the OpenSSH utility to generate the keys. For Windows PCs, you can use PuTTygen. To connect from Windows to Linux, bring up PuTTy, go to the SSH Tunnel settings and input the VNC port you're wanting to use based upon the display number. Then on Session settings, enter the Linux machine's IP and click Open. On Linux machines, use the OpenSSH client, also creating a tunnel, to connect to the IP of the remote computer. Once you have a SSH connection, bring up VNC viewer as discussed in the previous part, but instead of the remote computer's IP, enter localhost.