Langa Letter: How To Ensure Remote-Control Security With XP
XP's built-in Remote Desktop, Remote Desktop Web Connection, and Remote Assistance are great tools, Fred Langa says, but only if you carefully manage their security implications.
Controlling LAN Access
General LAN access likewise has to be managed, if the RC PC is on a network: Sensitive files on all the LAN's PCs should be locked down (either by setting up file-sharing access via Groups, or at least using password-level protection). It's probably OK to leave "Shared Folders" generally accessible; that's what they're there for: A remote user usually can drop off or pick up files in a Shared Folder without compromising the general security of a PC. But even the simple Shared Folder offers several security options, as is described in How to disable simplified sharing and set permissions on a shared folder in Windows XP. Use the highest security setting you can, short of making access too hard for normal use.
And, of course, all admin accounts on all PCs and servers on any LAN also should have strong passwords. (Actually, it's simpler to say "all accounts on all systems must have strong passwords," but in the real world, that's probably not going to happen. So: at least the admin-level accounts must have strong pa
The idea in all of the above, of course, is to make it hard for an intruder to discover the PC that can be controlled remotely; and then, if they do discover it, to make it hard for them to actually gain any access to that PC; and, if they do gain access, to make it hard for them to gain potentially harmful privilege levels on that PC; and to make it difficult for the intruder to access the LAN; and if they do get on the LAN, make it hard for them to gain access to other machines or files there.... Whew!
You get the idea: By having so many barriers in the way of an intruder, you can make illicit access highly unlikely in the first place; and then severely constrain potential exposure and damage, even in a worst-case scenario, where someone does hack into a RC PC.
It also helps enormously NOT to leave Remote Control enabled and available, until or unless it's going to be needed. For example, you might turn it on as you're leaving the office, and then turn it off from home when you're done for the night.
And note that in many of the above steps strong passwords are key: An intruder faced with a series of different, unique, difficult, and un-guessable passwords at every access level to a system or LAN faces a much harder task than otherwise. Absent some driving personal motivation, most casual hackers will simply give up and look for easier targets -- and that's what you want. Although in theory almost any system can be hacked, if you make yours much, much harder to get into than the guy next door's, most hackers will go after the easier target.
Remote Control Services: Proceed With Caution
Once you start using them, you may wonder how you got along without XP's Remote Control services: I use it literally every day to help manage the PCs in my office.
But you do have to be aware of the security implications, and take proper steps to ensure that only authorized users can access the Remote Controllable PCs. With the information above, you should be able to do just that!
To discuss this column with other readers, please visit Fred Langa's forum on the Listening Post.
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?