Is the use of remote access software viable?

  • Thread starter WWGD
  • Start date
  • #1
WWGD
Science Advisor
Gold Member
6,045
7,365
Summary
Concern about security issues related to programs that allow/provide remote access. Thinking mostly about the likes of RDP and Team Viewer 12
Hi,
The issue of granting/using remote access to a computer came about today re the topic of RDP ( Remote Desk Protocol) and Team Viewer. Obviously some security measures are needed to prevent 3rd party access . Any comments on the level of security needed for a stand alone PC? How about for add ins that provide the remote access but are not the actual RDP?
Edit: I also am considering whether its worthwhile shelling out some extra money for Windows Office ( instead of home) since office includes RDP while home does not. I am considering using it as a client.
 
Last edited:

Answers and Replies

  • #2
13,921
7,868
Many corporations routinely use remote desktop software like RDP or VNC. If proper security protocols are followed it would be difficult to crack them.

As an example, some companies have an airgapped internal network and use remote desktop sw to access external company computers connected to the internet.
 
  • Like
  • Informative
Likes Oldman too and WWGD
  • #3
MikeeMiracle
393
293
If your not really a techy then Teamviewer may be the easier path to follow. RDP required an inbound connection from the internet and depending on how you configure this at the router's end, you may be unwittingly opening up your home computer to more than you bargained for.

Teamveiwer does not need an inbound connection I believe. It forms an outbound connection to Teamviewer's network and when you connect you do so via Teamviwer's network so you do not need to change anything on your router configuration. Teamviewer when installed properly and not just run in portable mode starts with your computer so you can restart the computer remotely and re-connect to it afterwards.

If your technically minded I would configure a VPN on your home router and VPN into your home network. From there you could just open a regular RDP connection to your home computer, that's the way I do it.
 
  • Like
  • Informative
Likes Oldman too and WWGD
  • #4
f95toli
Science Advisor
Gold Member
3,345
840
RDP is typically used with a VPN.
We've used TeamViewer when we've had customer owned equipment on-site and needed a way for their engineers to access it; our IT department (which are very security conscious) seemed to be happy with this solution as long as the customer's equipment was connected to our "guest" network,
 
  • #5
harborsparrow
Gold Member
619
158
Remote Desktop and VPN. Remote client may need to know IP of PC on remote LAN. Also, the remote user's Windows account must specifically be given permission on that PC for remoting in.
 
  • #6
WWGD
Science Advisor
Gold Member
6,045
7,365
Thank you all. Is Team Viewer as bad as Ive heard in terms of security gaps?
 
  • Like
Likes neutrinospin
  • #7
MikeeMiracle
393
293
Not heard anything specifically bad with regard to Teamviewer. All programs have undiscovered holes in the programming but as Teamviewer is under constant support and frequently upgraded I see no reason not to use it, many companies do.
 
  • #8
WWGD
Science Advisor
Gold Member
6,045
7,365
Tt
Not heard anything specifically bad with regard to Teamviewer. All programs have undiscovered holes in the programming but as Teamviewer is under constant support and frequently upgraded I see no reason not to use it, many companies do.
Thanks, forgot @f95toli had. endorsed it too.
 
  • #9
MikeeMiracle
393
293
I use it on mobile also, have it installed on my Mum's phone and Tablet so I can remote in and sort out any problems.
 
  • #10
WWGD
Science Advisor
Gold Member
6,045
7,365
I use it on mobile also, have it installed on my Mum's phone and Tablet so I can remote in and sort out any problems.
Someone in IT had recommended Google remote as an alternative.
 
  • #11
MikeeMiracle
393
293
Even though I use Android I try and avoid Google elseware for privacy reasons, their business model relies on sucking up information about you and using it to feed you adverts. I have no intention of using their services on a PC, I don't even search using Google.com as it tailors results based on what it thinks you want to see.

I use Startpage.com as a browser, they are EU based and keep no data about you or what you search. The plus being they don't index the web themselves, they send the search request off to google so you get back pure unfiltered results. They still have a "filters" section but you can turn off to find all sorts of stuff which Google.com would not show you while still utilising the powerful search facilities of Google's search.
 
  • Like
  • Informative
Likes Oldman too, sysprog and WWGD
  • #12
WWGD
Science Advisor
Gold Member
6,045
7,365
Even though I use Android I try and avoid Google elseware for privacy reasons, their business model relies on sucking up information about you and using it to feed you adverts. I have no intention of using their services on a PC, I don't even search using Google.com as it tailors results based on what it thinks you want to see.

I use Startpage.com as a browser, they are EU based and keep no data about you or what you search. The plus being they don't index the web themselves, they send the search request off to google so you get back pure unfiltered results. They still have a "filters" section but you can turn off to find all sorts of stuff which Google.com would not show you while still utilising the powerful search facilities of Google's search.
Sorry for necropost. Duckduckgo is good too, and does not track you either.
 
  • Like
Likes Oldman too and anorlunda
  • #13
neutrinospin
6
5
Thank you all. Is Team Viewer as bad as Ive heard in terms of security gaps?
You are right. For example - https://www.cnn.com/2021/02/10/us/florida-water-poison-cyber/index.html

As for me, I usually use SO Viewer ( https://so-viewer.com/ ) or AnyDesk ( https://anydesk.com ).
But SO Viewer seems to be more secure, I made an investigation, it turns out that it encrypt everything and everywhere on users machine. Also it doesn't provide user to create weak passwords for unattended access, it uses some kind of sophisticated algorithm to generate it's own access passwords.
 
  • #14
Tom.G
Science Advisor
Gold Member
4,531
3,286
But SO Viewer seems to be more secure, I made an investigation, it turns out that it encrypt everything and everywhere on users machine. Also it doesn't provide user to create weak passwords for unattended access, it uses some kind of sophisticated algorithm to generate it's own access passwords.
And when you have a crash are you...?

rtising-p536biuj6pzz12iyuceb28g0ntyxpbr1ux43l76gm4.jpg
 
  • #15
neutrinospin
6
5
And when you have a crash are you...?

View attachment 299997

Yeah, unfortunately if you want to be secured, sometimes you need to be a bit paranoid.
 
  • #16
anorlunda
Staff Emeritus
Insights Author
10,862
8,170
Yeah, unfortunately if you want to be secured, sometimes you need to be a bit paranoid.
Tell us what you are trying to protect yourself from? I'll give two choices.
  1. The US hates you as much as they hate Edward Snowden. They will unleash the full power of NSA to steal your secrets.
  2. Hackers in Russia are looking to steal money by finding 1 million credit card numbers on people's computers.
 
  • #17
neutrinospin
6
5
Tell us what you are trying to protect yourself from? I'll give two choices.
  1. The US hates you as much as they hate Edward Snowden. They will unleash the full power of NSA to steal your secrets.
  2. Hackers in Russia are looking to steal money by finding 1 million credit card numbers on people's computers.
We just stick to our corporate security rules. We have to use highly secured software or have to use nothing. Nobody wants to be in situation like Florida city's water supply was, when they were using TeamViewer. And I bet the hackers (in Florida city's water supply incident) was just script- kiddies without target.
 
  • #18
pbuk
Science Advisor
Gold Member
3,659
2,102
Nobody wants to be in situation like Florida city's water supply was, when they were using TeamViewer. And I bet the hackers (in Florida city's water supply incident) was just script- kiddies without target.
I bet they weren't, and I bet it had nothing to do with TeamViewer either.

All the security breaches I have personal knowledge of were down to some form of phishing or social engineering, or lost or stolen hardware.
 
  • Like
Likes WWGD and anorlunda
  • #19
anorlunda
Staff Emeritus
Insights Author
10,862
8,170
We just stick to our corporate security rules.
OK, but that seems to contradict your earlier statements. Corporate security rules usually give you no choice on what software to use, and they strongly discourage non-cybersecurity staff from conducting security investigations on their own.

As for me, I usually use SO Viewer ( https://so-viewer.com/ ) or AnyDesk ( https://anydesk.com ).
But SO Viewer seems to be more secure, I made an investigation
 
  • #20
neutrinospin
6
5
I bet they weren't, and I bet it had nothing to do with TeamViewer either.

All the security breaches I have personal knowledge of were down to some form of phishing or social engineering, or lost or stolen hardware.
I think you are maybe right. But they will not tell us what was really happening there. We can make only theory about that incident.
But I figured it out, many remote desktop software allow user to create simple passwords which every beginner hacker can brute-force via dictionary. It's very bad idea as for me.
 
  • #21
neutrinospin
6
5
OK, but that seems to contradict your earlier statements. Corporate security rules usually give you no choice on what software to use, and they strongly discourage non-cybersecurity staff from conducting security investigations on their own.
Yes, that is right. I have direct relation to cybersecurity in my company
 
  • #22
WWGD
Science Advisor
Gold Member
6,045
7,365
But most attacks (75% IIRC) do not elicit a response (meaning legal action) and are dealt with internally. So how can we reliably talk about security of certain programs/resources?
 
  • #23
Oldman too
Gold Member
259
473
I bet they weren't, and I bet it had nothing to do with TeamViewer either.

All the security breaches I have personal knowledge of were down to some form of phishing or social engineering, or lost or stolen hardware.
The lesson here seems to be, update and patch, remove outdated programs and don't forget there are plenty of black hats stealing login info and tokens. That is how the solar winds hackers got busted, using a stolen token to register a new device on the attackers network.

Here's a few links on the topic to discuss.
https://itsg.com/cybersecurity/why-cybersecurity-experts-hate-teamviewer/
https://www.cnn.com/2021/02/10/us/florida-water-poison-cyber/index.html
And then there's RDP. (and too many more to mention)
https://www.beyondtrust.com/blog/entry/what-is-rdp-how-do-you-secure-or-replace-it
 
  • #24
neutrinospin
6
5
But most attacks (75% IIRC) do not elicit a response (meaning legal action) and are dealt with internally. So how can we reliably talk about security of certain programs/resources?
Exactly! Only we can do here is using the most secure software at current time (it helps to reduce amount of attack vectors) update frequently and always be ready for potential attack.
 
  • Like
Likes Oldman too and WWGD

Suggested for: Is the use of remote access software viable?

Replies
27
Views
1K
Replies
34
Views
987
Replies
5
Views
347
Replies
10
Views
388
Replies
7
Views
656
  • Last Post
Replies
6
Views
475
Replies
6
Views
585
Replies
14
Views
506
  • Last Post
Replies
12
Views
539
Top