Friday, 10 April 2009

Remote desktop software good or bad?

What is a good remote desktop management software, I heard this question this week so I'm forced to answer it.

Well like all good question there is no one answer, its like when some one asks me what is a good laptop? what do you need it for is always the question and the same applys to remote desktop management software.

here are some points to consider before you decided on the product to use.
1) most operating system have one or more forms of remote desktop already so are you using this just for legacy desktops and would it be more cost affective to upgrade them?

2) how is easy is the product to deploy, can it be scripted or automated to avoid large amount of administrative overhead? again most have this function now.

3) how secure is it, can you lock it down to admin groups and IP's as well as just encrypting the traffic, remember that was is easy for you to get onto desktops also makes it easier for other to get onto them too.

4) is there any mobile device support.

5) is it a peer to peer connection of is it a relay thought 3rd party provider? as these tools become more popular I expect the attempts to break into them will increase.


Now the scary bit, most if not all of these tool have file transfer very handy for your helpdesk and also very dangerous too, with one email or phone call i can setup a connection to any desktop in the world.

As a security test I setup a connection to a business a few weeks ago who told me that there was no way for anyone to get the data out of the building all USB's have been disable and email was scanned, and no FTP was permitted. The administrator seems quite sure i couldn't get the information out so after setting up a remove session with on friendly user I proved that any outside part that has just a little help from a user can not only access the system but then copy the data to any remove location using any open port on the firewall like HTTP.

After the demo of this the local team changed the firewall to ban all known remove desktop software company sites but there are more they haven't found yet and new ones spring up each week.

Best advice I can offer you is to permit only a limited number of sites and disable all ActiveX components on browsers in order to try and prevent this but frankly it an open door....

Try not to lose to much sleep over it.

No comments: