Hi. I haven't used PC-Anywhere in a secure fashion... ever... 1/2 :) . But I have a couple ideas. During our FISCAM audit (a government agency kind of thing), we had a comment that our remote access solution, VNC (google VNC to find it) was not secure because the VNC server stored the passwords in the local registry using weak encryption. So this is something to keep in mind for PC Anywhere, where is the password stored, and how is it encrypted.
HTTPS implies using the Secure Sockets Layer, a 128 bit encryption. I don't much about it, but certificates and who holds them and who authenticates them are key issues that you may want to investigate. VNC can be tunneled using SSH, which can use Public/Private key encryption, which would remove the above certificate issue (but you are stuck with the weak password encryption). I think that since you use non routable IP's in your LAN that you would have to proxy the PC Anywhere connection at the firewall. Or, put the machine outside your NAT translation device. AS for physically securing the users PC, you can buy dummy keyboards... It's just a device that plugs into the back of the pc that simulates a keyboard to the motherboard. This would be an additional security layer (and somewhat lame) over locking the office that the computer is located in. I've used Pc Anywhere using TCP/IP over a T-1 connection. It works OK in terms of functionality. In terms of security, it's passing information that tells the screen to redraw, which could be argued is a form of encryption (a form that can be read by every other copy of PC Anywhere...). So it's not passing clear text passwords at least. Good luck! Tell us what you end up doing, I'd be interested in what you find out and what you implement. Regards, Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, July 22, 2002 4:35 PM To: [EMAIL PROTECTED] Subject: PCanywhere: security of it and operation over DSL/cable modems We have a workstation at the office that needs to allow a user remote access for running software on the workstation. I don't think a VPN will work because the user MUST run the software on this machine, as if he was seated at it. I'm looking at gotomypc.com and pcanywhere. I don't feel comfortable using gotomypc.com as this is proprietary company information and I don't trust someone else having the access information for the workstation that has the info on it. My questions are as follows: 1. Has anyone got experience with the security of PCanywhere running over a DSL/cable modem connection? What should I watch out for? From what I understand, I can use HTTPS as one of the options for the connection. Anyone know the encryption level? Are all parts of the transactions secured with encryption? 2. How does the software work if it's over a broadband connection? My internal IPs aren't valid for routing. How does the software know a connection is being initiated? 3. Any better solutions come to mind? I'd rather have a PITA setup that's secure than a simple one that's not. 4. What security measures should I implement on the users PC to make sure that it's secure as well? I won't have physical access to it but for the initial setup. I'll be interested in seeing if this gets posted at all due to the recent acquisition of securityfocus by Symantec. Can't bite the hand that feeds you, I guess. Many thanks for any help. Long time reader (well, several months at least), first time poster.
