RE: GOTOMYPC Corporate?

["Graydon McKee" <graydon.s.mckee.iv () orcmacro com>]

We are using it here with pretty good results.  One of the benefits is that the user can access
their machine from any other machine without the need for special VPN software or hardware.  We
don't have any issues with HIPAA or PHI so that was never a factor for us.  The only thing that
causes a concern for me right now is that every machine that has it loaded is constantly connecting
to the gotomypc servers via port 8200.  gotomypc is rather closed mouthed about this and only
indicates that they utilize "unused bandwidth" and this does not cause an issue.  Granted that may
be the case but I have been concerned when 18% of my current bandwidth consists of these machines
connecting to gotomypc even when they are not in use.  Since the decision to utilize this software
was decided at paygrades above mine, I can only monitor the situation and gather information.  When
I find issues with its use then I'll make a move to re-evaluate the deployment of gotomypc.  

Aside from that one issue, our experience has been rather positive.  

Graydon S McKee IV - GSEC
Firewall/Security Administrator
ORC Macro - Macro International
11785 Beltsville Drive
Calverton, Maryland 20705
301-572-0583 Fax: 301-572-0982
 
-----Original Message-----
From: Scott.Swenka () sunhealth org [mailto:Scott.Swenka () sunhealth org] 
Sent: Friday, March 05, 2004 12:20 PM
To: security-basics () securityfocus com
Subject: GOTOMYPC Corporate?

So what is the general consensus on GOTOMYPC Corporate?

Personally, I don't have alot of trust or warm and fuzzy feelings about it,
due to the risks it poses, and the possible potential of PHI
(Private/Personal Health Information), and Financial data being leaked out.
As well as the concerns with it pertaining to HIPAA compliancy.

What is everyones elses feelings on it?

Personally, I would rather have them come in on a VPN client, and use a
internal VNC (or other remote desktop) solution.

Scott C. Swenka
Network Security
Sun Health Corporation


*******************************************************************************

The information contained in this transmission may be legally privileged
and/or confidential information. Any dissemination, distribution or copying
of this transmission by anyone other than the intended recipient is
strictly prohibited. If you receive this in error, please inform the sender
immediately and remove any record of this message.
*******************************************************************************





---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Attachment: Graydon McKee.vcf
Description:

Attachment: smime.p7s
Description: