Security Basics mailing list archives

Re: FW: Question about GoToMyPc services

From: Sagiko <sagiko () gmail com>
Date: Sat, 13 Aug 2005 12:59:18 +0800

hi, 

Just some extra information about GoToMyPc from some experience in my place.

Actually the port 8200 is not necessory for using the GoToMyPc
although it would optimized the performance according to their
engineers.  If your block this port, the GoToMyPc will automatically
tunnel the traffic through port 443 (SSL).  So as long as your
firewall allow outbound 443 (SSL) connections to anywhere (most
companies will allow this as long as they allow the user to access the
web) , GoToMyPc will be working.

Also depends on your region, the GoToMyPc service will go to a
particular Citrix's server. And you can get this list from the
support.

regards,
Rick Zhong Liming

====================================================
Welcome to SINgapore <IN>FOSECurity Interest Group at:
www.sinfosec.org
  



On 8/11/05, Ms. Judith Taylor <jtaylor () acvna org> wrote:

First, I want to thank everyone for their help in pointing me to the
needed information. I have now resolved the situation and my concerns
have been laid to rest (as much as it can with anyone having remote
access to one of my machines). ;) I realize now that I should have
looked on Citrix's site for the information, not GoToMyPc.com.

Second. Ju Ne, my company also deals with HIPAA issues, as does the
vendor who requested/requires GoToMyPc. From what I can tell from
reading their white papers, they do not store any information that
passes through their service. They are simply the means for remote
connection. Their white paper on Security states that all information
that passes between the two computers is encrypted at all points of the
transmission. From that, I believe they avoid any possible problems with
HIPAA compliancy.

Hope that helps Ju Ne.

Judith

Ju Ne wrote:

Judith,

Thank you for bring up GoToMyPc services.  We have several users
utilizing that service in my organization and I haven't had time to do
the necessary testing.  I would like to add another question to the
discussion.

My company works with health information which is protected by HIPAA.
Do you know if they store the information that passes through their
network?  If they do then it would be a HIPAA violation.


ddjjembe


--
Ms. Judith Taylor
Director - Information Systems
Appalachian Community Visiting Nurse Assoc.,
Hospice and Health Services, Inc.
740.594.8226    http://www.acvna.org

Current thread:

Question about GoToMyPc services Ms. Judith Taylor (Aug 10)
- Re: Question about GoToMyPc services JM (Aug 12)
- <Possible follow-ups>
- FW: Question about GoToMyPc services Ju Ne (Aug 12)
  - Re: FW: Question about GoToMyPc services Ms. Judith Taylor (Aug 12)
    - Re: FW: Question about GoToMyPc services Sagiko (Aug 15)