[Dshield] How secure IS GoToMyPC?

Al Reust areust at comcast.net
Thu Jun 17 01:43:00 GMT 2004


Hi Alan

You have a couple of questions to ask and answer. In one of your replies 
you mentioned HIPAA. Their security requirements will dictate whether the 
"Application" fits the needs!

Realistically, the most secure approach would be an SSL protected (PKI) web 
database. Authentication would be handled in an SSL session and allow 
"whomever" access according to "authenticated" user assigned rights. View 
or modify. The whole session would be via an encrypted channel. Management 
becomes: if you do not have an account, then you do not get in. You can add 
additional authentication within the SSL channel requiring a PKI (personal 
certificates) before the final connection is completed.

IF they do not need to manage the "local" computer they do not need an App. 
like GoToMyPC, they need an application that allows viewing or modifying 
"data." Even a Terminal Services Server setup for multiple people to run 
Applications from the Server still has drawbacks. In either case "Auditing" 
to see which user at what time and (not to consider 10 people hit the same 
file from remote, at the same time) who is in charge of "record locking." One 
user gets tired of waiting and "bombs out" of the session crashing the 
database. OOPS!!!!!! Computer Road Kill!

Yes, I have had to "repair" a database that had a "record open" and 
otherwise appeared to just be CRASHED!

Their idea of what they think they "need" normally has no basis in reality.

Al

At 08:01 AM 6/16/2004 -0400, you wrote:
>I have a potential client who has been suggesting they want to remotely 
>access critical data using GoToMyPC, rather than placing the data in a 
>web-accessible, password-protected read-only database.
>
>Which approach to accessing the data remotely would be more secure? Am I 
>missing something?