Re: pcanywhere

["Garrahan, Kelvin" <Kelvin.Garrahan () compaq com>]

Hi,

Using PC anywhere is a risk, as is any other remote management software,
what needs to be decide how much of a risk it is and how to minimise the
threat. What is required is that you control the level of access, provide
for strong authentication (OTP's or Certificates). If connecting across a
public medium like the Internet use encryption to protect the traffic from
being sniffed. One other thing that is mentioned is that the location from
which a VPN is being initialised, must be secure. This means that not only
does the PC (terminal) initialising the tunnel be subject to physical access
security but also be protected from other unauthenticated users piggy
backing  traffic on the VPN. For example:

A Remote manager is connected via an ISP to the Internet and establishes a
VPN Tunnel to his Corporate network to remote manage Servers etc. A cracker
is scanning the ISP randomly trying to connect to dialup clients, or has
installed a sniffer upstream of the remote user. Either way the cracker
becomes aware of a VPN tunnel emanating from a dialup client to the ISP. The
cracker could then attack the Remote managers PC, enabling IP forwarding for
instance, and route packets down the VPN tunnel to the Corporate network.
This is similar to BO2K Trojan being leveraged to piggy back on the VPN.

A solution to this problem is to have a Firewall protecting the Remote
Client, as well as appropriate Virus software to detect the latest Trojans.
Checkpoint are about to ship a personal Firewall which is designed with this
weakness in mind, which would secure a remote user who periodically accesses
directly to a public untrusted network.

regards

Kelvin.

Kelvin Garrahan
Security Consultant
Compaq Professional Services