Welcome to the SecAware blog

I spy with my beady eye ...

11 Mar 2005

GoToMyPC remote control security

GoToMyPC is a system for users to permit full remote access to their systems through the Internet from a standard browser. The system has clearly been designed with security in mind, incorporating numerous security controls as documented in this paper. However, no system is totally idiot-proof. If the additional two-factor authentication controls and other security mechanisms available in the high-end Corporate version are not used properly, a determined idiot can grant full remote access to anyone. Do you monitor or restrict out/inbound HTTP connections to/from GoToMyPC servers on your network? What about other similar systems? [By the way, the paper itself is a model of clarity. If only all system security designs were so thoroughly thought-out and so clearly and comprehensively documented!]

No comments:

Post a Comment