Firewall Wizards mailing list archives
Fwd: Assessment Of GoToMyPC vs. Network Security
From: "Layer One" <layeronecfp () gmail com>
Date: Fri, 7 Apr 2006 09:12:07 -0700
This was ment to go to the list and not just Paul. I suck at the interweb this morning. From: Layer One <layeronecfp () gmail com> Date: Apr 7, 2006 9:11 AM Subject: Re: [fw-wiz] Assessment Of GoToMyPC vs. Network Security To: "Paul D. Robertson" <paul () compuwar net> I was tasked with doing a similar assessment a while back for GoToMyPC. I ultimately told the business that it was a bad idea. First off, there is the tunneling issue. While GoToMyPC actually does give the admins a fair ammount of control over who can do what, where, and when, it does allow users to basically tunnel around your secure end-points. The other issue I had with it is that of the remote host computers. If you cant validate the security of the remote host, then you shouldnt let it on your network, plain and simple. If your company is looking for a remote access solution, they need to go with an in-house, enterprise wide solution. If its just remote access to applications or internal web resources theres any number of solutions (in-house Citrix solutions, SSL VPNs, etc). If you are looking for a full remote access solution, go with a proven VPN solution, some good network architecture, and NAC/NAQ to make sure that the connecting end points adhere to your corporate standards. However, one good thing I will say about GoToMyPC is that they are really good about helping you block their product if you want them to. In addition to putting your own blocks in on your firewall, if you contact them and flat out say 'I work for XYZ Corp and we dont want our users using your service', they will block your address space within their own systems. This helps cut down on users going out on their own, installing it with a personal account, then bypassing your policies. On 4/7/06, Paul D. Robertson <paul () compuwar net> wrote:
On Tue, 4 Apr 2006, Jim Seymour wrote:servers and network. There doesn't appear to be *anything* to prevent any employee from signing up for their own GoToMyPC account, installing the requisite software on their desktop, and having their way with their desktop PC from anywhere in the world. There's reallyYou can control what software an employee can install, that's getting easier/better in a Windows environment. You can for instance, regularly download the software, MD5 it and block it by MD5. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." http://fora.compuwar.net Infosec discussion boards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Assessment Of GoToMyPC vs. Network Security Jim Seymour (Apr 07)
- Re: Assessment Of GoToMyPC vs. Network Security Paul D. Robertson (Apr 07)
- Re: Assessment Of GoToMyPC vs. Network Security Jim Seymour (Apr 07)
- Re: Assessment Of GoToMyPC vs. Network Security Chris Byrd (Apr 09)
- Re: Assessment Of GoToMyPC vs. Network Security Brian Loe (Apr 09)
- Message not available
- Fwd: Assessment Of GoToMyPC vs. Network Security Layer One (Apr 07)
- Re: Assessment Of GoToMyPC vs. Network Security Jim Seymour (Apr 07)
- Re: Assessment Of GoToMyPC vs. Network Security Paul D. Robertson (Apr 07)
- Re: Assessment Of GoToMyPC vs. Network Security Joe Matusiewicz (Apr 07)
- Re: Assessment Of GoToMyPC vs. Network Security Kevin (Apr 09)
- Re: Assessment Of GoToMyPC vs. Network Security Chris Byrd (Apr 09)
- Re: Assessment Of GoToMyPC vs. Network Security Clayton Scott Kern (Apr 09)