Educause Security Discussion mailing list archives
Re: Dameware mini remote control
From: William Forte <wforte () MAIL URI EDU>
Date: Thu, 21 May 2009 09:01:34 -0400
Wow, someone using Dameware for legitimate purposes? Now that's a shocker. Couple years back that was the number one sign of trojan infection that I came across. Dameware NT was a favorite among the script kiddies and malware writters. Most of them eventually realized that it was impossible to manage a botnet over 10 - 15 computers in a "hands-on" type of administration style. Eventually they all migrated to IRC bots &script execution and then eventually to web based call-ins. It's worth noting that you should check out http://secunia.com/advisories/product/3247/?task=advisories, and make sure your vendor isn't doing something dumb like using an old version of the product. Dameware has a lot smaller market share than VNC or RDP so I'd suspect not a lot of security researchers spend a massive amount of time looking for vulnerabilities in it. Nonetheless, if you properly utilize the IP filtering (and/or use IPSec), enable encryption, and maybe even require that they VPN in prior to connection then you can basically lock it down to the point where someone would have to hack your vendor/other IPs you allow access, before they are going to be able to hack your display units. Respectfully, William Forte Information Security Specialist - University of Rhode Island
Current thread:
- Dameware mini remote control Mayne, Jim (May 18)
- <Possible follow-ups>
- Re: Dameware mini remote control Kellogg, Brian D. (May 18)
- Re: Dameware mini remote control Wayne J. Hauber (May 19)
- Re: Dameware mini remote control Ullman, Catherine (May 19)
- Re: Dameware mini remote control Clark, Sean (May 19)
- Re: Dameware mini remote control Ullman, Catherine (May 19)
- Re: Dameware mini remote control Phil Lambert (May 20)
- Re: Dameware mini remote control William Forte (May 21)
- Re: Dameware mini remote control Alex (May 21)