This information is not an endorsement of particular products, technologies, or their use. It is to make you aware of the risks that go hand in hand with their use. Any use of such technologies that may have a significant impact on unit operations or sensitive JMU or constituent data or services must follow the Project Selection and Management standard including submission of a Project Initiation Questionaire (PIQ).
Remote Control software or services allow you to take control of a desktop or other device over the network. They enable remote support, remote administration and monitoring, and/or access to programs, data, or services (for which you've been authorized remote access) that might not otherwise be available. They also add risk:
Generally speaking, once a remote control service is enabled, all that stands between an attacker and control of your device is a password. In most cases, control of your device will provide access to your all your data and accounts either directly or indirectly. This can occur through cached passwords, single sign on, or breaching your computer's security.
JMU computing standards require more stringent password controls than those enforced by many remote control services. In such cases, it is up to you to maintain passwords in accordance with JMU standards.
Paid versions of some products offer enhanced authentication options. These include using a list of one time passwords or emailed passcodes. These options reduce the risks associated with reusable passwords which often fall prey to phishing attacks, hacked servers, and viruses.
Things to consider when contemplating use of remote control software or services:
Faculty and staff should check with their individual departments for software selection, configuration information, and local policies regarding remote control software use.
Some common remote control programs and services include:
|GoToMyPC||Browser Agent||commercial, provides end to end encryption|
|LogMeIn||Browser Agent||commercial, provides end to end encryption (free version being discontinued)
|WebEx||Browser Agent||commercial, provides end to end encryption if configured|
|TeamViewer||Browser Agent||free and commercial versions, provides end to end encryption|
|join.me||Browser Agent||free and commercial versions, does not offer end to end encryption protection due to need to support multi-party sessions, sessions are protected from endpoints to vendor servers but traffic is unencrypted once it hits vendor servers (join.me architecture whitepaper page 6)
|Microsoft Remote Desktop||Connection to server on the controlled machine requires a hole to be configured in the host firewall; for connections from off-campus to on-campus machines the SSLVPN gateway must be used|
|VNC||Connection to server on the controlled machine requires a hole to be configured in the host firewall; for connections from off-campus to on-campus machines the SSLVPN gateway must be used|
|SSH||Connection to server on the controlled machine requires a hole to be configured in the host firewall; for connections from off-campus to on-campus machines the SSLVPN gateway must be used|
|Lync||Remote control features are integrated in product|
|Skype||Remote control features are integrated in product|
|JMU VDI||A special version of Microsoft Remote Desktop where a limited use, IT maintained Windows Virtual Machine is controlled rather than a physical machine. This relatively new service is currently limited to special use cases due to the costs involved. Submit questions to firstname.lastname@example.org or submit a PIQ if interested in exploring applicability.||Configurations and access controls are set up according to need, risk, and efficient use of resources. Currently approved use cases require the use of the SSLVPN gateway and two-factor authentication tokens.|