GoToMyPC and. pcanywhere. expertcity.com. Remote-Access Technologies: A Comparison of



Similar documents
GoToMyPC. Remote Access Technologies: A Comparison of GoToMyPC and Microsoft Windows XP Remote Desktop

Expertcity GoToMyPC and GraphOn GO-Global XP Enterprise Edition

Multi-Homing Dual WAN Firewall Router

Firewall VPN Router. Quick Installation Guide M73-APO09-380

GoToMyPC Corporate Advanced Firewall Support Features

Guideline for setting up a functional VPN

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Cisco Virtual Office Express

Proxy Server, Network Address Translator, Firewall. Proxy Server

SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR.

For extra services running behind your router. What to do after IP change

ReadyNAS Remote White Paper. NETGEAR May 2010

Technical Support Information

Machine control going www - Opportunities and risks when connecting a control system to the Internet

Steltronic Focus. Main Desk Internet connection

RemotelyAnywhere Getting Started Guide

3.1 RS-232/422/485 Pinout:PORT1-4(RJ-45) RJ-45 RS-232 RS-422 RS-485 PIN1 TXD PIN2 RXD PIN3 GND PIN4 PIN5 T PIN6 T PIN7 R+ PIN8 R-

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

9 Simple steps to secure your Wi-Fi Network.

Technical papers Virtual private networks

Broadband Phone Gateway BPG510 Technical Users Guide

Firewall Firewall August, 2003

PFSENSE Load Balance with Fail Over From Version Beta3

Understanding the Cisco VPN Client

Chapter 4 Customizing Your Network Settings

Chapter 3 Security and Firewall Protection

Network Defense Tools

Connecting to the Internet. LAN Hardware Requirements. Computer Requirements. LAN Configuration Requirements

LAN TCP/IP and DHCP Setup

Basic Network Configuration

Using Innominate mguard over BGAN

Understand Wide Area Networks (WANs)

Chapter 7. Firewalls

MN-700 Base Station Configuration Guide

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Using Remote Desktop Software with the LAN-Cell

User s Manual TCP/IP TO RS-232/422/485 CONVERTER. 1.1 Introduction. 1.2 Main features. Dynamic DNS

Copyright 2006 Comcast Communications, Inc. All Rights Reserved.

Appendix C Network Planning for Dual WAN Ports

Networking Security IP packet security

UIP1868P User Interface Guide

ACCESSPLUS WAN / INTERNET TRAINING GUIDE 8.10.B

Protecting the Home Network (Firewall)

VPN. Date: 4/15/2004 By: Heena Patel

Internet and Intranet Calling with Polycom PVX 8.0.1

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.

NAT (Network Address Translation)

Video Conferencing and Firewalls

Multi-Homing Security Gateway

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client

Virtual Private Networks (VPN) Connectivity and Management Policy

Security Policy JUNE 1, SalesNOW. Security Policy v v

RemotelyAnywhere. Security Considerations

Back to My Mac User s Guide

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Network Address Translation (NAT)

Experiment # 6 Remote Access Services

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

Using a VPN with CentraLine AX Systems

Immotec Systems, Inc. SQL Server 2005 Installation Document

Using Remote Desktop Software with the LAN-Cell 3

Source-Connect Network Configuration Last updated May 2009

How To Set Up A Net Integration Firewall

Using a VPN with Niagara Systems. v0.3 6, July 2013

Control4 MyHome: Remote Access Configuration

2.0 Dual WAN Select Dual-WAN, you will see the following screen shot, Figure 0.1(Dual-WAN Screen Shot) Figure 0.1(Dual-WAN Screen Shot)

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

SSL VPN Technical Primer

Chapter 4 Security and Firewall Protection

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

CMPT 471 Networking II

Chapter 7 Troubleshooting

Load Balancing Router. User s Guide

Chapter 4 Customizing Your Network Settings

Linksys E2500 Wireless-N Router Configuration Guide

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

Chapter 4 Firewall Protection and Content Filtering

Chapter 9 Monitoring System Performance

Back to My Mac User s Guide

IP Office - Job Aid Remote Access

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Network and Host-based Vulnerability Assessment

F-SECURE MESSAGING SECURITY GATEWAY

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

VoIP H.323 Series. VoIP Gatways: VoIP 422/404/440/800 VoIP Routers: VoIP 404R/440R/200R/110R. Quick Setup Guide

Com.X Router/Firewall Module. Use Cases. White Paper. Version 1.0, 21 May Far South Networks

How To Configure Apple ipad for Cyberoam L2TP

Connecting the DG-102S VoIP Gateway to your network

TW100-BRF114 Firewall Router. User's Guide. Cable/DSL Internet Access. 4-Port Switching Hub

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Accessing Remote Devices via the LAN-Cell 2

Chapter 8 Router and Network Management

Norton Personal Firewall for Macintosh

How-To: Changing the target IP address for pcanywhere Remote Control

Transcription:

Remote-Access Technologies: A Comparison of GoToMyPC and pcanywhere expertcity.com 1

Table of Contents 1. Executive Summary Remote Control Solutions Revolutionary Solution: Expertcity's GoToMyPC 2. Comparison of the Remote Control Capabilities of GoToMyPC and pcanywhere Need for Client Software Installation Incoming Network Connections How the Connection Is Made Connection Costs Security 3. Summary Comparative Overview of pcanywhere vs. GoToMyPC 2

Executive Summary One of the major issues confronting Information Systems managers today is providing secure access to corporate IS resources to people who are physically located outside of the corporate network. In today's increasingly connected society, traveling salespeople, telecommuters and work extenders all need access to resources on corporate networks. These resources Ñ such as databases, sales tools, email, etc. Ñ are usually behind firewalls for security reasons so that they cannot be accessed from outside the corporation. Remote Control Solutions A common method for allowing remote access to protected computing resources is to use remote control software, such as Symantec's pcanywhereª. Such solutions ship only the screen images and keyboard input between the local and remote computers. This functionality affords remote users access to computers on the corporate LAN, allowing them to remotely access all applications while experiencing the same performance as if they were on the LAN itself. However, traditional remote control solutions bring their own set of management and security challenges. This white paper compares the management and security issues of one market-leading remote control products, pcanywhere, with Expertcity's GoToMyPC. It should be noted that the issues that apply to pcanywhere generally apply to other remote control products. Revolutionary Solution: Expertcity's GoToMyPC Expertcity's GoToMyPC is Web-based screen-sharing software that allows users to access and use any of their computers through the http://www.gotomypc.com Web site. With GoToMyPC, users can see their computer screens and access all of their computers' programs, files and network resources as if they were sitting at and using their computers locally, even though they may be a thousand miles away. All communications between the computers are encrypted using 128-bit encryption. Only screen and keyboard updates are sent between the host and the client computer used to access it (unless the user initiates a file transfer), so bandwidth demands are minimal. Any Internet-connected computer can be used to control the host computer because there is no need to install special software. The client and host computers both initiate outward TCP connections on well-known ports, so firewall changes are usually not necessary. 3

Comparison of the Remote Control Capabilities of GoToMyPC and pcanywhere Need for Client Software Installation pcanywhere: To connect to a computer via pcanywhere, it is necessary to install approximately 20M of software on the computer that will be controlling the remote host. This in itself can lead to management and licensing issues and can compel mobile users to carry a laptop with them simply to have access to the pcanywhere client instead of relying on systems that may be available at their destination. The installed software includes extra device drivers, which is significant in two respects. Firstly, the presence of device drivers requires that the computer be rebooted before it can be used as a client computer; and secondly, these components can give rise to software conflicts with other device drivers that attempt to use the same system resources, in some cases rendering the system unusable. GoToMyPC: GoToMyPC allows users to control their remote machines from any Internet-connected machine using a Web browser, and does not require any special software to be installed ahead of time. Incoming Network Connections pcanywhere: To control a computer via pcanywhere, it is necessary to establish an incoming connection to that computer. The most convenient way to do this is over the network. This provides the best performance and quickest connection setup. However, it also requires that the network allow the remote user to establish an incoming connection to the computer that is to be controlled. This is problematic in most corporate settings: because the corporate firewall will almost certainly block incoming connections from outside. Even if a company's security policy allows such incoming connections, providing this capability requires significant administrative overhead in firewall management. pcanywhere by default will use both UDP and TCP ports. Many companies will not allow UDP traffic across their firewalls. While this use of UDP can be disabled in pcanywhere (resulting in more administrative overhead for every client), doing so comes at the cost of some functionality. (If the host is in use by another user, then users will appear to make a connection to the host but will see a black screen.) Some firewalls will only allow one connection to an internal computer to use a specific IP port. In this case, not only must the firewall be configured specifically for every internal computer that will be accessed from outside, but the internal computer's pcanywhere installation also must be changed from its default IP ports in coordination with the firewall. To further complicate things, different versions of pcanywhere require different TCP/IP port configurations. Even in a non-corporate setting, supporting incoming connections can be problematic. Many home computers use either personal firewall software or hardware. These must also be configured to allow incoming connections on the appropriate ports. If end users attempt this configuration, many will either inadvertently remove most or all the security the firewall provides or be unsuccessful in determining how the firewall needs to change. 4

Different versions of pcanywhere also use different versions of Winsock, which can result in timing difficulties when attempting to connect through firewalls 1. GoToMyPC: With GoToMyPC, both the controlled and controlling computers receive all communications through an outgoing TCP connection, using protocols and ports that can transparently transit almost all firewalls. Thus no firewall changes are required, and all the problems with incoming network connections that are an issue with the use of pcanywhere are effectively avoided. How the Connection Is Made pcanywhere: Another common problem in the pcanywhere environment is that users often do not know the IP address of the computer to which they wish to connect. Unless the default ports happen to be configured for pcanywhere, users generally need to know the IP address or DNS name of the remote computer and the specific IP ports on which that computer is listening. Users must also know this information if they are attempting to connect between different versions of pcanywhere. If the target system is assigned an address dynamically (as are most DSL, modem and cable-modem attached computers and many corporate LAN computers) then it is impossible to know the IP address of the remote computer unless there is someone at the remote computer who can determine the IP address and communicate it. If the computer to be accessed is behind a firewall, then, even assuming that the firewall has been configured to allow incoming pcanywhere connections, the address that must be known is that of the outside interface of the firewall, or an address with which the firewall has been specifically configured. Determining this address can be difficult, especially if the firewall is assigned a dynamic address, which is the case with a firewall protecting a DSL or cable-modem home network. If the target system is dynamically addressed and behind a firewall, then the firewall is unlikely to know the dynamic address to which it should translate incoming connections, precluding the possibility of using pcanywhere on the internal computers. GoToMyPC: GoToMyPC is effectively self-configuring. The user logs in to http://www.gotomypc.com and is presented with a list of all computers the user has registered and can securely connect to and control. These host computers notify the GoToMyPC servers of their availability on a real-time basis through outgoing connections Ñ thereby avoiding any possible firewall, NAT or dynamic address problems. Users need only remember their email address and password and the access code of the computer that they wish to connect to. Security pcanywhere: The difficulty or impossibility of establishing network-based pcanywhere connections to hosts behind a firewall means that many users opt to attach a modem to their PCs and use it to establish pcanywhere connections. However, using a modem completely circumvents the corporate firewall and security policies and depends on the security of the PC to prevent unauthorized access. Frequently such ÒbackdoorÓ modem connections are exploited as a means for hackers to invade a corporate network. 1 See: http://service1.symantec.com/support/pca.nsf/9f19833cbd7241aa85256758005492c7/96e322b1ad33f6bb882568900000dc71? OpenDocument&Highlight=0,firewall 5

pcanywhere supports a wide variety of security features. However, most users will not know how to set them up appropriately for maximum security, typically leaving the settings at default values. Another common method of installing pcanywhere is to set up a central system to accept remote connections with little or no security and to rely on network operating system security to protect access. However, if malicious intruders can connect to a system, they can install keystroke loggers and other tools to circumvent the security. This is a much-discussed technique on hacker message boards. GoToMyPC: By making network-supported connections much more reliable and functional even in a secure environment with firewall protection, GoToMyPC removes the motivation for users to install non-secure modems on their PCs. GoToMyPC traffic is encrypted with strong 128-bit encryption using a secure challenge-response password authentication protocol. It is not possible to inadvertently (or deliberately) configure a computer using GoToMyPC in a manner that will weaken security. Connection Costs pcanywhere: As noted previously, the difficulty of establishing network-based pcanywhere connections to hosts behind a firewall results in many users and companies setting up modem pools so that dial-in users can establish pcanywhere connections. In addition to the security implications of this approach, this technique can result in very high telecommunications costs because either the user is forced to pay for long-distance calls or the central site must establish a toll-free number and pay for incoming calls in addition to allocating administrative overhead for provisioning and maintaining the correct number of extra phone lines. GoToMyPC: By making network-supported connections secure, reliable and functional even in an environment with firewall protection, GoToMyPC allows users to confidently connect from any local ISP. Thus the users can use a local call to establish their connections, and no extra infrastructure is required at the central office, affording significant cost savings. 6

Summary In contrast to other remote control packages, GoToMyPC can provide a cost-effective way to provide secure remote access to corporate computing resources with no downside in terms of extra management, loss of security or loss of performance. GoToMyPC is also far more convenient for the users because it does not require any client software, is accessible from any Web browser and does not require prior knowledge of the remote resource. Comparative Overview of pcanywhere vs. GoToMyPC GoToMyPC pcanywhere Incoming Network Connections Outgoing connections only. Network and firewall must be No configuration of firewall. configured to allow incoming connections. How the Connection Is Made Self-configuring. Need to know and input IP address or DNS name. Need for Client Software No client software Need to install software on Installation installation. client computers. Security Strong 128-bit encryption. Modem connections have Not possible to weaken security. security risks. Need to know how to configure security protocols. Connection Costs Can always securely use local In many cases must use direct Internet access, eliminating dial-in lines to get around firewalls, any extra dial-in line costs. incurring extra communications costs. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information