I am frequently asked about the security of different remote control software solutions. Are they really safe? Which one of them is the most secure? It's hard to name one categorically, but thinking of it I came to some interesting conclusions, applying to the security of client-server solutions from data trespass.
Nowadays there are two kinds of user interfaces for the remote access. The operation principle of the first one is the following: client program's user needs to enter a remote computer's name, login and password to get a remote access to the PC (e.g. Radmin or NetOp).
To use the second kind of programs user needs to visit a developer's web-site, log into his/her personal account and choose a remote computers name from the list (e.g. LogMeIn and GoToMyPC).
The first kind of programs provides users' private information safety due to their own security systems, based on data encrypting. As for the web-based solutions, their security can be a point at issue.
It is said that reliable encrypting algorithms don't let phishers get an unauthorized remote access to the computer. But is that true? Today this question becomes more and more topical because of the growing level and new types of cybercrimes; after all the data protection is critically important both for the corporate users and the home ones.
At the same time, by choosing web-based remote access, users entrust their private information to the applications' developers who keep that information on the developers' servers. And, since no company is guaranteed against dishonest employees, that private information may become vulnerable at any time.
A lot of users also mistakingly suppose that working remotely from home they don't endanger their private information because a properly defended home PC hardly ever can be infected with keyloggers or any other spyware. Many people forget or simply don't know that this kind of work is not safe at all. Actually a phisher can easily capture user's request to the program developer's web-site and get confidential information.
Right after the capture user will be forwarded to the copy of the requested web-site, where he/she with no doubts will enter login and password to the account. This is just the same as simply to give an intruder the key to all data on the PC. And user can miss the fact of fraud: system will show an authorization error notification, and user will be forwarded to the legal web-site, thinking that it was merely an average system error.
This kind of fraud is called phishing (password + fishing) and is one of the most wide-spread in the Internet. The simplest phishing web-sites can be easily detected by the Internet security systems, but in more difficult cases they are useless. For example, web-site based on flash technology looks just like the real one, but text is hidden in the multimedia objects. Security systems can't define this web-site as the phishing one, and user turns out to be disarmed in front of phisher.
Client-server remote control software solutions, such as Radmin and NetOp, are more secure, they make phishing impossible, because users don't need to connect to the web-site and can start a client module even from a flash drive. So anyway it's always your choice.
About the Author: I am an IT-specialist interested in systems administration and remote access technology that makes me mobile. I would like to share my experience of managing computer networks and using of remote access software.
0 komentar:
Posting Komentar