[Dshield] How secure IS GoToMyPC?
areust at comcast.net
Thu Jun 17 01:43:00 GMT 2004
You have a couple of questions to ask and answer. In one of your replies
you mentioned HIPPA. Their security requirements will dictate whether the
"Application" fits the needs!
Realistically, the most secure approach would be an SSL protected (PKI) web
database. Authentication would be handled in an SSL session and allow
"whomever" access according to "authenticated" user assigned rights. View
or modify. The whole session would be via an encrypted channel. Management,
becomes if you do not have an account then you do not get in. You can add
additional authentication within the SSL channel requiring a PKI (personal
certificates) before the final connection is completed.
IF they do not need to manage the "local" computer they do not need an App.
like GoToMyPC, they need and application that allows viewing or modifying
"data." Even a Terminal Services Server setup for multiple people to run
Applications from the Server still has drawbacks. In either case "Auditing"
to see which user at what time and (not to consider 10 people hit the same
file from remote, at the same time) who is charge of "record locking." One
user gets tired of waiting an "bombs out" of the session crashing the
database. OOPS!!!!!! Computer Road Kill!
Yes, I have had to "repair" a database that had a "record open" and
otherwise appeared to just be CRASHED!
Their idea of what they think they "need" normally has no basis in reality.
At 08:01 AM 6/16/2004 -0400, you wrote:
>I have a potential client who has been suggesting they want to remotely
>access critical data using GoToMyPC, rather than placing the data in a
>web-accessible, password-protected read-only database.
>Which approach to accessing the data remotely would be more secure? Am I
>list mailing list
>list at lists.dshield.org
>To change your subscription options (or unsubscribe), see:
More information about the list