10:50 PM
Fred Langa

Langa Letter: How To Ensure Remote-Control Security With XP

XP's built-in Remote Desktop, Remote Desktop Web Connection, and Remote Assistance are great tools, Fred Langa says, but only if you carefully manage their security implications.

Controlling LAN Access
General LAN access likewise has to be managed if the RC PC is on a network: Sensitive files on all the LAN's PCs should be locked down (either by setting up file-sharing access via Groups, or at least using password-level protection). It's probably OK to leave "Shared Folders" generally accessible; that's what they're there for: A remote user usually can drop off or pick up files in a Shared Folder without compromising the general security of a PC. But even the simple Shared Folder offers several security options, as described in "How to disable simplified sharing and set permissions on a shared folder in Windows XP." Use the highest security setting you can, short of making access too hard for normal use.

And, of course, all admin accounts on all PCs and servers on any LAN also should have strong passwords. (Actually, it's simpler to say "all accounts on all systems must have strong passwords," but in the real world, that's probably not going to happen. So: at least the admin-level accounts must have strong passwords.)

The idea in all of the above, of course, is to make it hard for an intruder to discover the PC that can be controlled remotely; and then, if they do discover it, to make it hard for them to actually gain any access to that PC; and, if they do gain access, to make it hard for them to gain potentially harmful privilege levels on that PC; and to make it difficult for the intruder to access the LAN; and if they do get on the LAN, make it hard for them to gain access to other machines or files there.... Whew!

You get the idea: By having so many barriers in the way of an intruder, you can make illicit access highly unlikely in the first place; and then severely constrain potential exposure and damage, even in a worst-case scenario, where someone does hack into an RC PC.

It also helps enormously NOT to leave Remote Control enabled and available, until or unless it's going to be needed. For example, you might turn it on as you're leaving the office, and then turn it off from home when you're done for the night.
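As an added example (not part of the original column), this batch script for an XP command prompt reports whether Remote Desktop is accepting connections, optionally turns it off or on, and lists the accounts and shares discussed above. The file name rc-audit.cmd is hypothetical, and English group names are assumed.

```batch
@echo off
rem Added example: report or change Remote Desktop exposure on an XP PC.
rem Run as an administrator. The file name rc-audit.cmd is hypothetical.
rem   rc-audit.cmd        report only
rem   rc-audit.cmd off    refuse Remote Desktop connections
rem   rc-audit.cmd on     accept Remote Desktop connections
setlocal
set "TSKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"

rem fDenyTSConnections: 1 = connections refused, 0 = connections accepted.
if /i "%~1"=="off" call :setdeny 1
if /i "%~1"=="on"  call :setdeny 0

set "DENY="
for /f "tokens=3" %%v in ('reg query "%TSKEY%" /v fDenyTSConnections 2^>nul ^| find "REG_DWORD"') do set "DENY=%%v"

echo === Remote Desktop ===
if "%DENY%"=="0x1" (
    echo Disabled: this PC refuses Remote Desktop connections.
) else if "%DENY%"=="0x0" (
    echo ENABLED: turn it off when it is not needed.
) else (
    echo Unknown: could not read fDenyTSConnections.
)
rem A Group Policy setting, if one is configured, overrides this local value.

rem Group names below assume an English-language Windows installation.
echo === Accounts that may connect remotely ===
net localgroup "Remote Desktop Users"
echo === Admin-level accounts (each needs a strong password) ===
net localgroup Administrators

echo === Shared folders (review permissions on each) ===
net share
endlocal
goto :eof

:setdeny
reg add "%TSKEY%" /v fDenyTSConnections /t REG_DWORD /d %1 /f >nul
if errorlevel 1 echo Could not change the setting; run as an administrator.
goto :eof
```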

And note that in many of the above steps strong passwords are key: An intruder faced with a series of different, unique, difficult, and un-guessable passwords at every access level to a system or LAN faces a much harder task than otherwise. Absent some driving personal motivation, most casual hackers will simply give up and look for easier targets -- and that's what you want. Although in theory almost any system can be hacked, if you make yours much, much harder to get into than the guy next door's, most hackers will go after the easier target.

For more information on safe passwords, see "How To Safely Store And Manage Passwords"; we'll also update the information in that article in an upcoming column.

Remote Control Services: Proceed With Caution
Once you start using them, you may wonder how you got along without XP's Remote Control services: I use them literally every day to help manage the PCs in my office.

But you do have to be aware of the security implications, and take proper steps to ensure that only authorized users can access the Remote Controllable PCs. With the information above, you should be able to do just that!

To discuss this column with other readers, please visit Fred Langa's forum on the Listening Post.

To find out more about Fred Langa, please visit his page on the Listening Post.
