Re: PCanywhere: security of it and operation over DSL/cable modems

From: Johan De Meersman (johan@ops.skynet.be)
Date: 07/23/02


Date: Tue, 23 Jul 2002 10:53:36 +0200
From: Johan De Meersman <johan@ops.skynet.be>
To: security-basics@securityfocus.com

If I understand correctly, the workstation that needs to be accessed is
in an internal network. Hmm... You could probably forward ports through
your firewall, but I'm no wizard on that. Another solution is to use
VNC, by ssh-ing into your internal network, somewhere on a *nix box, and
then X-forwarding the *nix version of VNC that connects to the Windows
VNC host. This solution requires that the remote controller isn't behind
a NAT, too, though. Another option is to use a web-based (Java applet)
VNC client on a webserver that has access to the internal net, but
that's less secure again.

Google for VNC, it's some or other open license, it's got loads of
platforms, and I believe there are even a few secure implementations out
there.

securitybasics@plumlee.org wrote:

> We have a workstation at the office that needs to allow a user remote
> access for running software on the workstation. I don't think a VPN
> will work because the user MUST run the software on this machine, as
> if he was seated at it. I'm looking at gotomypc.com and pcanywhere.
> I don't feel comfortable using gotomypc.com as this is proprietary
> company information and I don't trust someone else having the access
> information for the workstation that has the info on it.
>
> My questions are as follows:
> 1. Has anyone got experience with the security of PCanywhere running
> over a DSL/cable modem connection? What should I watch out for? From
> what I understand, I can use HTTPS as one of the options for the
> connection. Anyone know the encryption level? Are all parts of the
> transactions secured with encryption?
> 2. How does the software work if it's over a broadband connection?
> My internal IPs aren't valid for routing. How does the software know
> a connection is being initiated?
> 3. Any better solutions come to mind? I'd rather have a PITA setup
> that's secure than a simple one that's not.
> 4. What security measures should I implement on the user's PC to make
> sure that it's secure as well? I won't have physical access to it but
> for the initial setup.
>
> I'll be interested in seeing if this gets posted at all due to the
> recent acquisition of securityfocus by Symantec. Can't bite the hand
> that feeds you, I guess.
>
> Many thanks for any help. Long time reader (well, several months at
> least), first time poster.


