We use PCanywhere with PCA encryption via a VPN link double your pleasure with no problems and I would have to say unless the remote users machine is compromised you would not have any problems. The latter point is something to always consider and best practices such as AV and desktop policies will protect this remote machine from the majority of nasties on the net.
your pro's on this is that it is a DSL customer and that there is a high probability that he/she can obtain a static IP Depending on your Security model you can deploy a desktop policy. using PCA you can set it to authenticate via a NT domain you can also require the host machine to only allow PCA authentication. your right these remote "my<insert name of choice>pc" web based access tools are weak and force you to "trust" a third party. if your using NAT you can try port mapping however the better way would be to use static NAT for this then your routing issues are solved (feature of Check Point ) if not then look into your firewall software or ping your vendor for advice on static natting again... your allowing this one user so this narrows down the opportunity of others to use this as a entrance way. I'd also make sure that your anti spoofing measures are up to date as well. Hope this helps Regards, Bill Chief Security Officer CyberBase7 Security Services METRO-SOC Email:[EMAIL PROTECTED] WWW:http://www.cyberbase7.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, July 22, 2002 3:35 PM To: [EMAIL PROTECTED] Subject: PCanywhere: security of it and operation over DSL/cable modems We have a workstation at the office that needs to allow a user remote access for running software on the workstation. I don't think a VPN will work because the user MUST run the software on this machine, as if he was seated at it. I'm looking at gotomypc.com and pcanywhere. I don't feel comfortable using gotomypc.com as this is proprietary company information and I don't trust someone else having the access information for the workstation that has the info on it. My questions are as follows: 1. Has anyone got experience with the security of PCanywhere running over a DSL/cable modem connection? What should I watch out for? From what I understand, I can use HTTPS as one of the options for the connection. Anyone know the encryption level? Are all parts of the transactions secured with encryption? 2. How does the software work if it's over a broadband connection? My internal IPs aren't valid for routing. How does the software know a connection is being initiated? 3. Any better solutions come to mind? I'd rather have a PITA setup that's secure than a simple one that's not. 4. What security measures should I implement on the users PC to make sure that it's secure as well? I won't have physical access to it but for the initial setup. I'll be interested in seeing if this gets posted at all due to the recent acquisition of securityfocus by Symantec. Can't bite the hand that feeds you, I guess. Many thanks for any help. Long time reader (well, several months at least), first time poster.
