6/2/2005
10:50 PM
Fred Langa

Langa Letter: How To Ensure Remote-Control Security With XP

XP's built-in Remote Desktop, Remote Desktop Web Connection, and Remote Assistance are great tools, Fred Langa says, but only if you carefully manage their security implications.

Controlling LAN Access
General LAN access likewise has to be managed if the RC PC is on a network: Sensitive files on all the LAN's PCs should be locked down (either by setting up file-sharing access via Groups, or at least using password-level protection). It's probably OK to leave "Shared Folders" generally accessible; that's what they're there for: A remote user usually can drop off or pick up files in a Shared Folder without compromising the general security of a PC. But even the simple Shared Folder offers several security options, as described in "How to disable simplified sharing and set permissions on a shared folder in Windows XP." Use the highest security setting you can, short of making access too hard for normal use.

And, of course, all admin accounts on all PCs and servers on any LAN also should have strong passwords. (Actually, it's simpler to say "all accounts on all systems must have strong passwords," but in the real world, that's probably not going to happen. So: at least the admin-level accounts must have strong passwords.)

The idea in all of the above, of course, is to make it hard for an intruder to discover the PC that can be controlled remotely; and then, if they do discover it, to make it hard for them to actually gain any access to that PC; and, if they do gain access, to make it hard for them to gain potentially harmful privilege levels on that PC; and to make it difficult for the intruder to access the LAN; and if they do get on the LAN, make it hard for them to gain access to other machines or files there.... Whew!

You get the idea: By having so many barriers in the way of an intruder, you can make illicit access highly unlikely in the first place; and then severely constrain potential exposure and damage, even in a worst-case scenario, where someone does hack into an RC PC.

It also helps enormously NOT to leave Remote Control enabled and available, until or unless it's going to be needed. For example, you might turn it on as you're leaving the office, and then turn it off from home when you're done for the night.

And note that in many of the above steps strong passwords are key: An intruder faced with a series of different, unique, difficult, and un-guessable passwords at every access level to a system or LAN faces a much harder task than otherwise. Absent some driving personal motivation, most casual hackers will simply give up and look for easier targets -- and that's what you want. Although in theory almost any system can be hacked, if you make yours much, much harder to get into than the guy next door's, most hackers will go after the easier target.

For more information on safe passwords, see "How To Safely Store And Manage Passwords"; we'll also update the information in that article in an upcoming column.

Remote Control Services: Proceed With Caution
Once you start using them, you may wonder how you got along without XP's Remote Control services: I use it literally every day to help manage the PCs in my office.

But you do have to be aware of the security implications, and take proper steps to ensure that only authorized users can access the Remote Controllable PCs. With the information above, you should be able to do just that!


To discuss this column with other readers, please visit Fred Langa's forum on the Listening Post.

To find out more about Fred Langa, please visit his page on the Listening Post.
