Had a customer IT Security Team, let’s call them FREDNET, ask me for some advice on graphical desktop sharing and control systems.
Think VNC, Dameware, PC Anywhere.
Here is what I wrote up for them:
The Remote Desktop Control product (RDCP) must adhere to the following policies:
- RDCP must not be able to connect to a PC which is not logged on.
- RDCP can only connect when the end user of the PC positively authorises the connection.
- End user is able to terminate the RDCP session.
- End user has the ability to “see” what the RDCP session is doing.
- RDCP connections must be logged for auditability.
- The RDCP must be able to coexist with the <support organisation> Desktop Management Toolset.
- Session data traffic between the RDCP server & client is encrypted.
The Desktop Support Team has not evaluated the following Remote Desktop Control products, but does provide the following comments on these products:
VNC
- VNC traffic is not encrypted.
- Is able to connect without end user providing authorisation.
Therefore not suitable for use in the FREDNET network.
Dameware
- Is able to connect without end user providing authorisation.
Therefore not suitable for use in the FREDNET network.
Microsoft Remote Desktop with Windows 2000/XP
- Can connect to a PC if the client is not logged on.
- Does not prompt the client to allow connection; it just remotely connects and locks the client workstation while the remote desktop session is active.
- Therefore clients are unable to “see” what the Remote Desktop session is doing.
Therefore not suitable for use in the FREDNET network.