Remote Desktop Support Software Editorials.

The first thing I want you to know is I do not trust software to be unbreakable. In fact, if I'm working remotely it's via a hardware that allows software to connect. Then I connect to the remote system. Desktop, to VPN appliance, to Desktop. Now I have a middle device that controls the flow and allows my connection via a single point and port to connect to my internal workstation.

The Editorials here are going to be from observations and a few from testing.

If I write "Don't do it" you don't have to take my word for it. Just take my notes and advice on how to test your remote desktop connection software and ask yourself if you are really safe.

One thing I noticed about a software vendor I reported years ago as to having a exploit is that they didn't upgrade the versions or patch the versions they just sold new licenses to newer versions of the old.

It's crazy to think version 4 discovered SESSION HACK and version 5 as reported on NIST.GOV with a DLL hack by the way worked the same as the version 4 hack. It only took about 60 minutes to prove that in real-time.

If you're wanting "Proof of Concept" you'll have to wait for the news this evening on many related remote desktop services and software but if it's a flat out hack that I see and the company doesn't respond then I'll publish the warning as I did 5 years ago.

First warnings, if your old remote desktop software version is still offered by the software vendor then please follow the following steps.

  1. If you see version 7 and you only have a license for version 4 please don't install it. Typically software version updates come complete with security updates. If the Vendor offers a version 4 or 5 that has been proven to have security issues they are not working in your best interest.

Most software programmers will not offer for download known exploited software packages. Why in the world would one remote desktop company off this?

In my technical opinion it would be for one reason. They have never admitted to having an issue publicly.

End of that story and slightly a rant.

Next up!

  1. Remote access using Agent Software running 24/7. Who's monitoring the Agent while you're not connected?
  2. How your IT person may be offering your business bankruptcy or a security issue by not monitoring.
  3. Remote IT services that connect directly by 3rd party vendors can be nice. But, they might have more control than you would want them to have. 
  4. How you can identify a bad support channel by looking at your task tray.
  5. When VPN and Firewall logs report Port Scanning from your Remote Access Program was it from your program or from a scan looking for it?

 

Technical Note for the IT Admin's I've spoke with over the years. 
I still feel after finding the version 4 issues that software apps designed to circumvent your system policies, firewalls and firewall policies is not very bright. But, it's very popular so I'll do my best to offer some advice on how to monitor this agent connection. I had to write a script on a server that sent me an SMS on connection. But it was triggered from firewall events using a watchguard XTM. Not the easiest method but effective. Drawback was the log server needed an agent to monitor an agent. Now we have two more things that could go wrong. :)

When testing remote desktop software you need to understand how it slips by your firewalls without detection. To do this correctly you need to block the Gets by your Firewall software and start monitoring the ports it attempts to use.