[Dshield] How secure IS GoToMyPC?
joem at nist.gov
Wed Jun 16 12:59:36 GMT 2004
At 08:01 AM 6/16/2004, Alan Frayer wrote:
>I have a potential client who has been suggesting they want to remotely
>access critical data using GoToMyPC, rather than placing the data in a
>web-accessible, password-protected read-only database.
>Which approach to accessing the data remotely would be more secure? Am I
I'm assuming there is a firewall between the home pc and the
data. Gotomypc sets up a vpn between the home pc and the pc inside the
firewall. You (IT security) have no control over authentication. If the
home pc is r00ted then there is a path inside your firewall -- using
encryption which probably won't set off your IDSs, depending on where
they're placed. This is similar to how a certain sw company in Redmond got
compromised 3 1/2 years ago. It seems an employee was working from home and
got hit by the QAZ backdoor worm which used the tunnel to infect boxes
inside the firewall. Sniffers were set up and it was the start of mischief
and mayhem. It's not good to have guest Administrators accessing your
internal network from overseas.
Assuming that your idea, the web accessible database, uses encryption, it
sounds like a solution that carries less risk. BTW, a lot of sites block
Hope this helps....
More information about the list