Should IT departments be afraid of security vulnerabilities exposed by remote access?

Joe Videtto May 7, 2012

I’ve wanted to provide remote desktop support to some of my previous professors, and to do so over the internet using desktop sharing software. Initially, I was thinking TeamViewer, which is pretty easy to set up and has gotten great reviews. I’ve tried using freeVNC, but found the steps laborious for setting it up, and I actually have used the free version of CrossLoop with my mom – a 70-year-old woman who is extremely technophobic (yeah CrossLoop).

In the institution in which I wanted to give some free desktop support to my professors, I was prohibited from installing ANY remote access apps due to their IT policy, which prohibits such apps due to the security risks.

My questions are:

1.) Is this a reasonable and common restriction in companies and institutions?

2.) Are there some remote desktop apps that are known to have exposed vulnerabilities that were easily exploited by hackers?

3.) Does anyone have some suggestions on how I might share a remote user’s desktop while respecting the IT department’s concerns over security vulnerabilities?

 

  1. Oron
    May 7, 2012 at 8:37 pm

    I agree with the others. It is reasonable to protect your network from outside interference. Whether or not it is reasonable in your particular case is impossible for us to say. All remote access programs are vulnerable. Even if they have no bugs as such (what software doesn't), the fact that someone from the outside can get into the computer, and through it to the network, is a potential threat. It's a question of assessing that threat, which is part of the role of an IT department.

    I provide support to my clients using TeamViewer and, like Mike & Bruce, I use TeamViewer QS which does not require installation and which requires explicit invitation from the customer for support (unlike MS Remote Desktop, or various configs of VNC, for example).

    All that said, if you want to have occasional access to remote PCs/Macs, you could try https://join.me which works over the web on an ad-hoc basis (I believe it requires Java support). It may get around your institution's systems, and may not even break their policies! On the other hand, check the user policies, as these may forbid people from getting into others' computers and both you and your professors could end up in trouble!

  2. Mike
    May 7, 2012 at 6:20 pm

    1. Depends on the data you are trying to protect and the needs for less restrictive policies.

    For example if the IT department is on campus within the same network there is no reason to allow remote access via the Internet.
    Having remote access to a single machine technically allows you to compromise the entire network. Therefore the policy simply spares them from locking down the entire internal network ~ which by the way is an extensive task requiring a lot of regular maintenance.

    At my company we only allow remote access (both, remote desktop and file server access) via Cisco IPsec or 256-bit L2TP. We do have TeamViewer at a single server [for external support of the system] but it's the QS version which needs to be run manually (no autostart).

    2. I believe TeamViewer is a secure choice in that matter, same goes for GoToAssist ~ I haven't really looked into other solutions.

    3. If your professor is using Chrome you could look into Chrome Remote Desktop
    https://chrome.google.com/webstore/detail/gbchcmhmhahfdphkhkmpfmihenigjmpp
    Other possible options would be Skype or other browser based screen sharing solutions e.g. via Flash.
    Depending on the exact phrase of the policy one of those options might be legitimate although it's still a "cheap circumvention" of the policy.

    • Mike
      May 7, 2012 at 6:23 pm

      "remote access" seen as a paraphrase for remote access from the internet.

      On the local network we obviously allow file server access to all local users and remote desktop via admin account and password.

  3. ha14
    May 7, 2012 at 5:34 pm

    from your mobile or internet tablet?

  4. Bruce Epper
    May 7, 2012 at 12:47 pm

    Most companies anywhere will restrict RDP access to machines. Some will allow internal machines to use RDP for end-user support. I used to work in one such place. If I was at my desk, I could use remote support to troubleshoot problems on an end-user's machine. If I was at home, my RDP requests were blocked by an incoming rule in the corporate firewall (rule was established by me, by the way).

    Is it reasonable? That depends on what is being protected. In most cases, it is very reasonable. Is it common? Yup.

    At some point, pretty much every RDP app has had its vulnerable moments. Nothing is EVER 100% secure and free of defects.

    RDP software has been found to have faults, including the built-in stuff that Microsoft provides as seen here http://technet.microsoft.com/en-us/security/bulletin/ms05-041. This is not the only or the latest vulnerability to hit Microsoft's RDP software, just the first one I pulled a reference for.

    I use TeamViewer for remote support. The end user has the TeamViewerQS app on their end, so they must initiate the support by starting the app and relaying the credentials to allow me access. By using it in this manner (instead of using the host mode on the machines), it forces interaction between the user and support to get access to the machine. From a security standpoint, this is much better and may allow you to convince the IT support group to modify firewall rules (if required) to allow this access as well as alter their policies regarding remote access.
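
The policy described in the answers above (RDP allowed from internal machines, blocked at the firewall from the Internet, with outside access only over a VPN) can be checked mechanically. The following is an added example, not code from any poster: it evaluates a constructed first-match inbound rule list against probe addresses, and the rule format, the default ports 3389 (RDP) and 5900 (VNC), and the RFC 1918 internal ranges are assumptions.

```python
import ipaddress

# Assumed default listening ports for the tools named in the thread.
REMOTE_PORTS = {3389: "RDP", 5900: "VNC"}
# Assumed internal address space (RFC 1918); VPN clients would get addresses from it.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decide(rules, src_ip, port):
    """First-match evaluation of an inbound rule list; default deny."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule["src"]) and rule["port"] in ("any", port):
            return rule["action"]
    return "deny"

def external_exposure(rules, probes):
    """Return (service, source) pairs where a non-internal probe reaches a remote-desktop port."""
    hits = []
    for src in probes:
        if any(ipaddress.ip_address(src) in net for net in INTERNAL):
            continue  # internal or VPN-assigned source: allowed by the policy described
        for port, name in sorted(REMOTE_PORTS.items()):
            if decide(rules, src, port) == "allow":
                hits.append((name, src))
    return hits

# Constructed rule sets (hypothetical format, not from the thread).
INTERNAL_ONLY = [
    {"src": "10.0.0.0/8", "port": 3389, "action": "allow"},  # help desk on the LAN
    {"src": "0.0.0.0/0", "port": 3389, "action": "deny"},    # RDP from the Internet
    {"src": "0.0.0.0/0", "port": 443, "action": "allow"},
]
MISCONFIGURED = [
    {"src": "0.0.0.0/0", "port": "any", "action": "allow"},  # shadows the deny below
    {"src": "0.0.0.0/0", "port": 3389, "action": "deny"},
]
# Constructed probe sources: one LAN address, two documentation-range addresses.
PROBES = ["10.1.2.3", "203.0.113.7", "198.51.100.20"]

if __name__ == "__main__":
    print("internal-only:", external_exposure(INTERNAL_ONLY, PROBES))
    print("misconfigured:", external_exposure(MISCONFIGURED, PROBES))
```

A check like this only covers inbound listeners. Tools that the user starts and that connect outbound to a vendor's broker, as TeamViewer QS does, never appear as an inbound rule match and have to be governed by egress filtering or software-installation policy instead.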

  5. Susendeep Dutta
    May 7, 2012 at 9:14 am

    Most of the IT companies have some restrictions to protect their data and network from viruses and hacking. They do so in many ways and one of them is strict control over software installations. They first test the software fully to meet their needs, deploy it and train their employees to use it.

    Any software which becomes popular becomes a target of hackers and they try to find some security holes to exploit them. So, no software is free from attacks.

    If you're using Windows and want to avoid using additional software but still want to provide remote support then you have to use Windows' built-in Remote Desktop software.

    MUO also has an article on how to make Microsoft Remote Desktop a portable app -

    http://www.makeuseof.com/tag/make-microsoft-remote-desktop-a-portable-app/
