There is a pretty good description of their security if you visit www.go2mypc.com and follow the How it Works links to the Security White Paper. The diagram in the PDF shows use of RSA SecureID as an option you could use in conjunction with what is already in place.
We don't allow users to VPN in to the company from their personal computers. If you do support this, then any trojans, viruses, etc. that they have on their personal computers are now on your internal network. One advantage of Go2MyPC is that it acts more like a pcAnywhere session but you aren't putting the remote computer directly onto your internal network. They can still transfer files, good or bad, to their PCs, but chances are they could bring in a floppy or CD and do the same when in the office. Certainly Expertcity's entire reputation (now owned by Citrix) is based on their security model. Whether you choose to trust them or not is a decision you have to make, just as you would if you were outsourcing your VPN infrastructure. If your office PCs use Windows XP and your users are able to connect by VPN, you could choose to enable Remote Desktop. This allows you to use your PC like you would remotely administer a server with the same RDP client. You don't need to install anything additional to use this capability, but it is disabled by default and you would need to configure the allowed accounts on each PC. If you must allow connection from non-company PCs, then Go2MyPC might be worth consideration. I would prefer to not allow non-company PCs at all, but you may not have that choice. Jeff Salisbury Network Infrastructure and Security Manager Belkin Corporation Information Services 310 604-2061 310 604-2022 fax www.belkin.com -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 8:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] go to my pc, revisted 1. where? mostly from home, though i'm sure some will from hotels as well. 2.win2k/xp. 3.we have a cisco vpn concentrator 4.there's a desire to have them access their machines without any client software install or config. minimal involvment on their part is the attraction. thanks -----Original Message----- From: Brent Westmoreland [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 10:10 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] go to my pc, revisted Couple of questions Tom. Where do the managers want to access their PCs from? What is your operating systems base? Are all of your managers machines windows xp? Do you have vpn enabled at your site? Is there a requirement that they be able to access the machines via a web interface? > From: "Kern, Tom" <[EMAIL PROTECTED]> > Reply-To: <[EMAIL PROTECTED]> > Date: Tue, 25 May 2004 09:16:30 -0400 > To: <[EMAIL PROTECTED]> > Subject: [ActiveDir] go to my pc, revisted > > i've posted before about this issue. a recap- my cio wants to give himself and > some mangers access to their office pc's via Go To My PC. the attraction is no > client to install and configure ala vpn or terminal services. > i'm trying to push remote desktop web services but he's not bitting. he feels > installing IIS and configuring it on the target pc is just as much of a > headache( i counter that thats why you have a salaried IT staff and thats the > price you pay for complete control). also, he thinks IIS has had a history of > vulnerablities whereas Go To My PC has had none so far and is relaible. > > > also, on my side, don't i have to then set up Port address translation on my > firewall/router for this to work? the client would have to connect via ip or i > have to make a dns entry on my public dns server for everyone who wants to > connect to their office? i don't see that as a good idea ethier. > i guess i'm looking for some more info on go to my pc and how it really works > and why its a really bad idea(documentation or techincal reasons) and why > jumping thru hoops to get remote desktop web is really worht it in > comparison(disregarding vpn for the moment). > and finally, someone has stated on this list that the target pc can only run > on winxp but i see the activex control download for win2k and nt as well. > > Thanks and i apologize for bringing this up again, but i really HATE the idea > of Go To My Pc and outsourcing my security to some third party. I just need > some more ammo for my argument. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Sent using the Microsoft Entourage 2004 for Mac Test Drive. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Confidential This e-mail and any files transmitted with it are the property of Belkin Corporation and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipients or otherwise have reason to believe that you have received this e-mail in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
