Re: Dameware mini remote control

[William Forte <wforte () MAIL URI EDU>]

Wow, someone using Dameware for legitimate purposes? Now that's a shocker. Couple years back that was the number one 
sign of trojan infection that I came across. Dameware NT was a favorite among the script kiddies and malware writters. 
Most of them eventually realized that it was impossible to manage a botnet over 10 - 15 computers in a "hands-on" type 
of administration style. Eventually they all migrated to IRC bots &script execution and then eventually to web based 
call-ins.

It's worth noting that you should check out http://secunia.com/advisories/product/3247/?task=advisories, and make sure 
your vendor isn't doing something dumb like using an old version of the product. Dameware has a lot smaller market 
share than VNC or RDP so I'd suspect not a lot of security researchers spend a massive amount of time looking for 
vulnerabilities in it. Nonetheless, if you properly utilize the IP filtering (and/or use IPSec), enable encryption, and 
maybe even require that they VPN in prior to connection then you can basically lock it down to the point where someone 
would have to hack your vendor/other IPs you allow access, before they are going to be able to hack your display units.

Respectfully,
William Forte
Information Security Specialist - University of Rhode Island