A sample Remote Desktop Control product policy.

Had a customer IT Security Team, let’s call them FREDNET, ask me for some advice on graphical desktop sharing and control systems.
Think VNC, Dameware, PC Anywhere.

Here is what I wrote up for them:

The Remote Desktop Control product (RDCP) must adhere to the following policies:

  • RDCP must not be able to connect to a PC which is not logged on.
  • RDCP can only connect when the end user of the PC positively authorises the connection.
  • End user is able to terminate the RDCP session.
  • End user has the ability to “see” what the RDCP session is doing.
  • RDCP connections must use logging for auditability.
  • The RDCP must be able to coexist with the <support organisation> Desktop Management Toolset.
  • Session data traffic between the RDCP server & client is encrypted.

The Desktop Support Team has not evaluated the following Remote Desktop Control products, but does provide the following comments on these products:

VNC

  • VNC traffic is not encrypted.
  • Is able to connect without end user providing authorisation.

Therefore not suitable for use in the FREDNET network.

Dameware

  • Is able to connect without end user providing authorisation.

Therefore not suitable for use in the FREDNET network.

Microsoft Remote Desktop with Windows 2000/XP

  • Can connect to a PC if the client is not logged on.
  • Does not prompt the client to allow connection; it just remotely connects and locks the client workstation while the remote desktop session is active.
  • Therefore clients are unable to “see” what the Remote Desktop session is doing.

Therefore not suitable for use in the FREDNET network.
