[Dshield] How secure IS GoToMyPC?

Doug White doug at clickdoug.com
Thu Jun 17 02:43:04 GMT 2004




:
: At 08:01 AM 6/16/2004 -0400, you wrote:
: >I have a potential client who has been suggesting they want to remotely
: >access critical data using GoToMyPC, rather than placing the data in a
: >web-accessible, password-protected read-only database.
: >
: >Which approach to accessing the data remotely would be more secure? Am I
: >missing something?
: >

There may be more to this situation than is obvious from your note.  If all
the client needs is access to the data, then running queries via a web
browser, or even a DTS connection which will let them make specific queries may
do the trick, and you can control how much access is available via IPsec
policy.

From the face of your message, allowing remote control via GoToMyPC or remote
desktop will allow the user access to not only the structure of the database
and tables but adds the risk of an inadvertent click which will permanently
delete entire tables, or even the database itself, including the backups.
Accessing the data in this manner would appear to be overkill as well as
placing the entire database at risk of accidental modification, deletion,
unauthorized disclosure, and more.  If the client needs (or requires) this
level of administrative control, then I would suggest you step back to being a
mere provider of a dedicated box, with the appropriate disclaimers as to
responsibility for the data, data structure, HIPAA requirements, etc.

If the client insists on this level of access, and still holds you responsible
(liable) for the security of the "critical" data, you might well think about
passing up this opportunity.

Doug

======================================
Our Anti-spam solution works!!
http://www.clickdoug.com/mailfilter.cfm
For hosting solutions http://www.clickdoug.com
http://www.forta.com/cf/isp/isp.cfm?isp_id=1069
======================================



