> 1. Has anyone got experience with the security of PCanywhere running over a DSL/cable modem connection?
The physical medium isn't really the issue...if it's IP-based, and accessible, it doesn't matter if it's satellite, dial-up, on a LAN, or DSL. > What should I watch out for? Basic security principles apply...as ever. > I can use HTTPS as one of the options for the connection. Anyone know the encryption level? What did the vendor say when you checked their web site or called them? It *is* SSL, so your range of possible answers would be limited. As to the issue of encryption...you're concerned about sniffing, right? Use encryption, by all means, but one would think that you'd also want to make sure no one's loaded said sniffer on the LAN on either end... > 2. How does the software work if it's over a broadband connection? Most likely, pretty much the same way it works over dial-up...only faster. > My internal IPs aren't valid for routing. How does the software know a connection is being initiated? B/c you'll have set up routes at your firewall or router. > 3. Any better solutions come to mind? I'd rather have a PITA setup that's secure than a simple one that's not. No, you wouldn't. The old saying about a wise man learning from the mistakes of others and the fool learning from his own applies. PITA solutions get circumvented, for the very fact that they are PITA. Really, I don't see the issue here. pcAnywhere has encryption, so set it up on the host, and have a strong password. Or, tie the authentication to the NT domain (if that's what you're using) b/c you should already have strong passwords...you do, don't you? Then set up the routes at your firewall or router. If the person accessing the host has a static IP, you can have a f/w rule that says to only accept pcAnywhere connections from that IP, and then forward them to the host on the inside. > 4. What security measures should I implement on the users PC to make sure that it's secure as well? I won't have physical access to it but for the initial setup. Good question...that's your real concern out of this entire issue. How do you know that other guy's box hasn't been compromised? Well, you could have certain requirements met...minimum settings, etc. Either way, you're going to have to trust the guy if this is the solution you're going with. > I'll be interested in seeing if this gets posted at all due to the recent acquisition of securityfocus by Symantec. Can't bite the hand that feeds you, I guess. I don't see what you're getting at. Symantec has stated that it's going to be "hands off" w/ the companies it's purchased...so why wouldn't your message get posted? Besides, you didn't make any overtly derrogatory comments about pcAnywhere...so how were you biting that hand that feeds you? __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com
