How to configure secure remote control

Dr_Evil · 23 Mar 2007 at 10:05

Ok basically I've got a user at home with Windows XP Pro SP2 and want to be able to "pop" on to their computer and control the desktop etc.

I've installed UltraVNC and run the server as a service. In windows firewall i have configured for UltraVNC to only allow incoming connections from my static IP address.

Also I am running Dynamic DNS Updater, so if his IP changes it will update the DynDNS database and I can get on anytime.

However, I've been told this is not very secure as UltraVNC has many security flaws and I should either use this over VPN or SSH.

I want to use the Incoming VPN feature of XP but can't seem to get this running properly.

Can anyone help or advise on how to "tighten" my setup and make it 99% secure please?

The_KiD · 23 Mar 2007 at 10:41

Not sure on the imcoming VPN, however have you thought about using LogMeIn? www.logmein.com

There is a completely free version that is very secure and makes the machine accessible to you from anywhere with an internet connection.

You install the client on their machine and set it up with your logmein account details.

Then you visit www.logmein.com and login, you can then see any machines you have installed the client on and simply click on it to start the remote control session.

If the user wants to make sure it is secure, they can disable the logmein by right clicking the icon in the system tray and choosing diable, then enabling it when you need access again.

Highly recomend this prog we have it on about 350 machines

Dr_Evil · 23 Mar 2007 at 11:42

Quality program. How secure is it and how does it bypass XP's firewall exactly?

does the free edition offer 256bit SSL security as well?

The_KiD · 23 Mar 2007 at 12:55

Is LogMeIn secure and what is SSL?

Yes. To prevent unauthorized access, LogMeIn requires you to enter separate passwords to access both your LogMeIn account and your Target PC's Windows login. LogMeIn uses 128- to 256-bit encryption to protect your passwords and data. It also includes such active defense features as IP filtering and lockout.

SSL, or Secure Sockets Layer, is a protocol used to encrypt data transmitted over the Internet. The SSL protocol is used by web sites that request confidential data such as credit card numbers or other private information. Web sites that use the SSL protocol have URLs that begin with https: rather than the standard http:. LogMeIn uses SSL to protect the data you transmit when accessing your computers remotely, as indicated by the padlock icon that appears when you visit the LogMeIn web site.

(back to top)

Does it work with a firewall?

Yes. LogMeIn is compatible with all known firewalls and broadband routers. It's simple to use and requires no configuration. When you install LogMeIn, some personal firewalls will display a message asking your permission for the LogMeIn.exe and LogMeInsystray.exe program files to communicate over the Internet. This is a secure part of LogMeIn and must be allowed to function in order for the service to work.

We use this on Windows 2000 and XP machines and have never had to do anything special to firewall to let it through, however their FAQ says:

How do I configure the Windows XP and Service Pack 2 firewall to work with LogMeIn?

1. Click Start on your Target PC's systray bar and select Control Panel.
2. Click Network and Internet Connections, then Network Connections.
3. Click the icon for Local Area Connection.
4. In the Local Area Connection Status dialog box that appears, click Properties.
5. Click Advanced, then Settings.
6. Click on the Exceptions tab, then Add Program.
7. Browse to find the logmein.exe file in the Add a Program dialog box (it's usually located in c:\program files\logmein\logmein.exe).
8. Click OK.
9. Click to check the box for LogMeIn in the Windows Firewall dialog box.

Also in comparison to something like VNC, LogMeIn is super quick in remote control and has very little CPU and memory overheads.

The only thing worth mentioning about the Free version is that it doesnt support file transfer.

If your willing to pay a little for LogMeIn then I would recomend LogMeIn Rescue as it allows you to send the user a link via email or IM, they click on the link and accept the remote access request and thats it, you can get in to their system without them having to install the software manually or input your logmein username and password.

Dr_Evil · 23 Mar 2007 at 13:13

Yes i noticed is uses 256-bit SSL, but it's not clear from their site if the free version uses this, or just the pro version.

I did not see any warning message from the firewall, and there seems to be no rule made for LogMeIn either. Strange.

The_KiD · 23 Mar 2007 at 13:23

AFAIK it uses the same encryption for LogMeIn Pro and Free

Ah.... just found it:

LogMeIn Pro offers enhanced functionality for even more control over your PC from anywhere: it's the fastest, easiest, most reliable remote access solution available.
Remote access Powerful remote control - from anywhere
File Transfer Move files quickly between PCs
Remote Printing Automatically print remote files locally
File Share Easily share large files, without uploads
Guest Invite Share your desktop for remote collaboration
File Sync Synchronize files & folders in seconds
Security 256-bit SSL encryption anchors powerful security

https://secure.logmein.com/go.asp?page=products_free

Dr_Evil · 23 Mar 2007 at 13:24

so that means the free version doesn't use SSL encryption at all?

The_KiD · 23 Mar 2007 at 13:38

After notcing what I said above isnt the free version but is the Pro version, I did some mroe digging.

Go to this page: http://secure.logmein.com/welcome/get_logmein_free/signup.asp

Then click on the "Security" link and it clearly states:

128-to-256 bit SSL end-to-end data encryption

Phew! so it does look like it uses it.

Dr_Evil · 23 Mar 2007 at 14:23

Great! thanks for your advise, looks like i'm going to use this now instead!