[Dshield] gotomypc.com

Johannes B. Ullrich jullrich at sans.org
Mon May 13 21:47:48 GMT 2002

I think you bring up a couple of good points:

First, GoToMyPC is not 'guilty'. They are using internet protocols in a
new and innovative manner. Even if they weren't, there is plenty of
underground-ware that does essentially the same things.

The real problem is how to prevent users from installing software like
that. While most company networks do not allow employees to install
software, few prevent or audit it. There are similar issues with instant
messengers, games, and even hardware like modems.

I think the part where GoToMyPC is a bit guilty is the fact that they
don't really address this issue in their security section. But well, they
are after all interested in selling this thing.

Secondly, encryption is part of security, but it is not equivalent to
security. A VPN is a great tool, but it can be a big security hole if
not used properly. Systems like this extend your perimeter. In the case
of 'GoToMyPC', the GoToMyPC server and the user's home machine are all
of a sudden part of the company's internal network and need to be
considered as "inside the perimeter". For example, if the home user's
system or the GoToMyPC system is compromised, the company network is
at risk.

Another problem with encryption is that it is a great way to evade IDS
systems. For example, a good network administrator should add some magic
strings to the IDS that should never leave the company (company credit
card number, some ingredient of the company's secret recipe). If the
connection is encrypted, it is impossible for the IDS to catch this.
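
The "magic string" check described in the message above, as an added example that is not part of the original post: a content matcher finds a canary in a cleartext payload, misses it once the same bytes are encrypted, and uses byte entropy to at least flag the flow as uninspectable. The canary values, the sample payload, the thresholds and the toy cipher are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed canary values; a real deployment would use its own markers.
CANARIES = {
    "corp-card": b"4111-1111-1111-1111",
    "recipe-marker": b"SECRET-INGREDIENT-7Q",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect(payload: bytes, min_len: int = 512, threshold: float = 7.0) -> dict:
    """Classify one outbound payload the way a content-matching sensor could."""
    hits = sorted(name for name, marker in CANARIES.items() if marker in payload)
    if hits:
        verdict = "alert"            # a marker was seen leaving in the clear
    elif len(payload) >= min_len and shannon_entropy(payload) >= threshold:
        verdict = "uninspectable"    # content matching cannot see inside this
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": hits}

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for a tunnel cipher (SHA-256 counter keystream XOR); demo only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

# Constructed sample: an outbound document that contains one canary.
SAMPLE_PLAINTEXT = (
    b"Quarterly notes: nothing unusual here. " * 30
    + b"Card on file: 4111-1111-1111-1111\n"
)
SAMPLE_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print("plaintext :", inspect(SAMPLE_PLAINTEXT))
    print("encrypted :", inspect(toy_encrypt(SAMPLE_PLAINTEXT, SAMPLE_KEY)))
```

The "uninspectable" verdict does not recover the content; it only tells the operator that string matching had nothing to work with on that flow.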

