[Dshield] Outbound GoToMyPC

Price, Gary gmprice at cio.sc.gov
Fri Jun 29 14:06:21 GMT 2007


Several years ago(when the service first appeared) I explored the use of
GoToMyPC as a way to connect remotely.
The issue I was concerned about and had no control over was the data
stream from the central server to both the remote and the host. The
company "said" those data streams were encrypted and even if they wanted
to monitor the connections they could NOT. I was never comfortable with
that answer....Since they control the encryption and the data
connections for all communicating devices, I can figure ways to monitor
that traffic from an "internal" hackers point of view...... 

FROM: gary m price  network security b&cb cio (803) 896-0454

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of sec head
Sent: Thursday, June 28, 2007 9:35 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Outbound GoToMyPC

The authentication is controlled by the external server. Can you trust
it? I don't. If it failed, the perimeter firewall is basically
by-passed.

Kam

On 6/28/07, Scott Melnick <smelnick at water.com> wrote:
>
>
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org [mailto:list- 
> > bounces at lists.dshield.org] On Behalf Of Steven Brower
> > Sent: Thursday, June 28, 2007 2:26 AM
> > To: list at lists.dshield.org
> > Subject: [Dshield] Outbound GoToMyPC
> >
> > What about outbound GoToMyPC?  That is, what is the security risk to

> > a networked work environment which allows exclusively *outbound* 
> > access
> to
> > GoToMyPC?
>
> I block this from my network. It invites users to log onto their home 
> PC and pass the work day by surfing Porn.
>
> Cheers,
> Scott Melnick
>
>
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS 
> top instructors, and a great tools and solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
>
_________________________________________
SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS top
instructors, and a great tools and solutions expo. Register today!
http://www.sans.org/info/4651 (brochure code ISC)



More information about the list mailing list