Safe and sound solutions

An Ask the Expert feature with NetOp’s Per Rank

“A recent survey showed that 42% of data breaches involved the use of some remote control software”
-Per Rank, NetOp

When you stuck with an IT problem, you are frustrated – not productive. That is why you want help here and now, and that is why remote control software has been such a successful tool in the IT service industry. With remote control software the IT supporter can take control over your computer and work on it as if he was sitting in front of it. Companies taking advantage of remote control technology have saved tremendous amounts of time, money, and resources by eliminating the need for IT staff to travel, reducing system down time, and improving the efficiency of the IT organisation.

A security price
There are many benefits to gain from remote control software but by it’s very nature remote control can jeopardise your IT security. As remote control software works over your local network, or the internet, there is always the risk of sniffing of passwords from an established remote control session, brute force attacks on password protected remote control software, and so on. In fact, a recent survey showed that 42 percent of data breaches involved the use of some remote control software (Verizon Business RISK Team 2008 Data Breach Investigations Report).

Does that mean that all remote control software is inherently a security risk and you should avoid using it? No, just like you do not disconnect from the internet because of the risk of virus attacks. The benefits of remote control simply outweigh the potential risk and there are measures you can take to minimise the risk, such as changing the default ports, using role-based access profiles, etc. However, just like you invest in anti-virus software it is also imperative to carefully consider the security aspects of your remote control solution.
A four-layered remote control security model is necessary because a truly secure remote control solution will address who can do what, where and when. And when the remote control session is finished it should be able to document what actually took place in the session.
The questions you should be asking are:
• How do the IT supporter identify himself to the user computer? Remote control products differ on what criteria you can enforce, some use only passwords, others need user acceptance,  which is not good for servers. The best solutions will offer you multiple access criteria including integration with directory services, smart cards or token-based authentication.
• Can you define what different users are allowed to do?  Users should not be treated equally when it comes to security. An administrator is typically given more rights than a support rep, and often it is necessary to limit the rights of external consultants when given remote control access to servers. That is why you must be able to give different rights to different groups.
• Can you manage security from a central server? If security settings are managed on the local user computer it becomes a difficult task to change settings even in relatively small networks. A centrally-managed user access rights solution will enable you to change the settings for thousands of computers without having to configure each user computer individually.
• Do you have full range documentation? With extensive logging and video recording of sessions, you will know exactly what happened and when. Did the help desk employee delete that important sales file while assisting the sales clerk with his Internet connection? Who remotely accessed the confidential medical records Saturday night? These are questions you would want to be able to answer.
• Does it have industry encryption? The best solutions have 256-bit AES encryption and dynamic key exchange using the Diffie-Hellman method with key lengths up to 2048 bits. These are the criteria you should look for in a remote control solution if IT support is not going to put your data security at risk.

For more information, please visit www.netop.com.

Per Rank, Director of Sales EMEA, Netop Business Solutions A/S, has over 20 years of experience with remote control software, including 13 years with Netop. Starting in sales, he moved on to play an instrumental role in developing the award-winning Netop products as Head of Product Management. Per Rank is also a member of the board of directors.