Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Keep Your Network Safe When Using XP's Remote Controls

When we first discussed XP's Remote Control tool in this space, we called it one of that operating system's "hidden gems: A built-in, simple way to control your PC from afar. It lets you do everything from basic file and data access up to fully taking over the keyboard and mouse of a distant PC, just as if you were sitting in front of it. What's more, XP Pro extends this remote-control ability to any and all versions of Windows -- all the way back to Win95, including Windows CE palmtop systems and XP Home -- via a FREE client software tool."

That first article runs through the similarities and differences among the tool's three major faces ("Remote Desktop," "Remote Desktop Web Connection," and "Remote Assistance"). It then shows you the pros and cons of each, shows you where to get the free client software, and most important, shows you how to use these remote-control options safely. If you're not familiar with these Remote Control services, that article would be a great place to start.

A more recent discussion in my newsletter delves further into some of the security implications of these services, and also prompted some excellent reader mail, such as this:

Fred, You mentioned that when connecting via Remote Desktop (Remote Control), the remote connector needs a valid account and a password on your system, and the connection is automatically encrypted. How secure is the connection? I tried (in vain) to set up a VPN to a client's office using a LinkSys Router on their end and SSH Sentinel client software on mine. Couldn't get it to work. But I can easily use Remote Desktop to connect to the machine I use at their office, it works fine. As this client is a CPA with thousands of tax clients, I'm particularly worried about the security of the connection. And, to take the concept one step further, I can also use Remote Desktop to connect to the server at the office (i.e., I Remote to my workstation, then Remote again from that workstation to the Server). That also works fine--but how secure is the connection? I use very strong passwords for both my account and the server admin account.
-- Sal Sorice

How secure is it? Well, there's no absolute measure for things like this, but the fuzzy answer is "adequate in itself, but easy to improve upon." Remote Control's encryption makes any actual data transfer relatively safe, but that's not the real danger. Rather, the more serious risk lies in some unauthorized person connecting to an idle PC with Remote Control enabled. At the least, they'd (obviously) have some access to data and files on that PC itself; and if the remote-controlled PC is on a LAN, then it's possible for the intruder to reach out to other PCs on the LAN, or even the server.

  • 1