Remote Desktop, privacy/security concerns

[pig devilz]

Need some advice on this.....

 

I use Remote Desktop from my home office quite a bit for work. I connect through a PC laptop provided by the company.

I have very little, if any, personal info on the laptop as it is used mainly for work so I have no privacy/security issues about it.

 

I'm considering using my 'family Mac' computer for remote access, using the Remote Desktop Connection Client for Mac 2.

 

My concern/question is, am I opening up my family/personal computer info by doing this?

And, I guess the larger question is, is remote desktop 'reversible' in any way?

Meaning can my home computer be accessed/hacked from the office or from anywhere else if I install the Client?

 

This may seem like a simple question, but I don't have a lot of knowledge when it comes to PC's as we have

always been Mac based.

 

Any input/advice would be great.....thanks.

[Caveman_Nick]

Need some advice on this.....

 

I use Remote Desktop from my home office quite a bit for work. I connect through a PC laptop provided by the company.

I have very little, if any, personal info on the laptop as it is used mainly for work so I have no privacy/security issues about it.

 

I'm considering using my 'family Mac' computer for remote access, using the Remote Desktop Connection Client for Mac 2.

 

My concern/question is, am I opening up my family/personal computer info by doing this?

And, I guess the larger question is, is remote desktop 'reversible' in any way?

Meaning can my home computer be accessed/hacked from the office or from anywhere else if I install the Client?

 

This may seem like a simple question, but I don't have a lot of knowledge when it comes to PC's as we have

always been Mac based.

 

Any input/advice would be great.....thanks.

 

How do you connect to your home office from work? Do you have a VPN Set-up? Open firewall? tin cans with string?

[pig devilz]

I never have connected from work-to home. I have no need to do that.

I do have a firewall on the Mac.

 

The setup is what I have no clue on, since it is all PC based

[Apocalypse]

If your RDP config is set up to share your local drives, technically an administrator or super user could remote control your terminal server session and get to info on your local drives. Unless you were away from your PC or had the remote session minimized, you would notice this happening.

 

Beyond that, I'm not sure if there are any other legitimate or illegitimate ways to do so.

Edited December 9, 2009 by Apocalypse

[smithkt]

If your RDP config is set up to share your local drives, technically an administrator or super user could remote control your terminal server session and get to info on your local drives. Unless you were away from your PC, you would notice this happening.

 

Beyond that, I'm not sure if there are any other legitimate or illegitimate ways to do so.

 

It's important to note that this is not the default either. You would have to change the client config to share these. Unless you have reason to need to share local folders with your remote desktop, simply don't change the default config and you will have no concerns.

[pig devilz]

If your RDP config is set up to share your local drives, technically an administrator or super user could remote control your terminal server session and get to info on your local drives. Unless you were away from your PC, you would notice this happening.

 

Beyond that, I'm not sure if there are any other legitimate or illegitimate ways to do so.

yeh, this is one thing i was concerned about. i had heard, and know guys, that can do this.

 

so is there a way to set up RDP so that it is not sharing local drives? from office-to home?

 

 

ETA....just saw smithkt post...so as long as I install it using the default installation, and don't install

it with any changes or Advaned set up i should be good to go?

Edited December 9, 2009 by pig devilz

[Apocalypse]

yeh, this is one thing i was concerned about. i had heard, and know guys, that can do this.

 

so is there a way to set up RDP so that it is not sharing local drives? from office-to home?

 

From the RDP config on your local destop, right-click and choose edit. Click on the "local resources" then "more" under "local devices and resources. Un-check the "drives" box and save the changed config.

[Apocalypse]

yeh, this is one thing i was concerned about. i had heard, and know guys, that can do this.

 

so is there a way to set up RDP so that it is not sharing local drives? from office-to home?

 

 

ETA....just saw smithkt post...so as long as I install it using the default installation, and don't install

it with any changes or Advaned set up i should be good to go?

 

if you are installing it yourself, then yes. if the config is being distributed from work (i.e. via email), I would check.

[pig devilz]

From the RDP config on your local destop, right-click and choose edit. Click on the "local resources" then "more" under "local devices and resources. Un-check the "drives" box and save the changed config.

thanks.

So what this effectively does is not allow access to my local/home computer from the office?

And, this will have no effect on me accessing info, via RDP, on my office comp?

just so I understand....

 

I have no need to access home from office.......nor should anyone else

[Apocalypse]

The remote control feature in terminal services manager is an important support tool, but it can be abused (ie monitoring activity, accessing user-specific server applications and data, and potentially accessing local data). You need to control which computer geeks have access to it in a company.

[Apocalypse]

thanks.

So what this effectively does is not allow access to my local/home computer from the office?

And, this will have no effect on me accessing info, via RDP, on my office comp?

just so I understand....

 

I have no need to access home from office.......nor should anyone else

 

Right.

 

Some people use the shared local drive feature to pass info back and forth from the remote to local systems, so it can be useful. Other people just need the local printer feature, but they go ahead and check all the share boxes.

Edited December 9, 2009 by Apocalypse

[pig devilz]

I won't be installing it myself. It will be installed at office by IT.

I WILL check the configuration on the home comp and do as you suggest to change the configuration.

 

 

Your second point, re remote control/terminal services manager.....

is that kind of monitoring only available, from the outside, when I am logged into RDP?

And if you are familiar with Mac's, would turning File Sharing off, when not using RDP, make any difference?

File Sharing on a Mac may only be local to local, not sure about that...

[pig devilz]

Right.

 

Some people use the shared local drive feature to pass info back and forth from the remote to local systems, so it can be useful. Other people just need the local printer feature, but they go ahead and check all the share boxes.

printer....I'll have to look into that....didn't know about it.

I have never been able to print at home, always sent stuff to office printer, which obviously sucks, then have to go pick it up at office.

[Caveman_Nick]

I never have connected from work-to home. I have no need to do that.

I do have a firewall on the Mac.

 

The setup is what I have no clue on, since it is all PC based

 

 

I am just trying to understand what you are doing here, and then I should be able to help you with respect to your Mac questions...

 

So, you want to connect to your work from home then? And instead of using your PC, you want to use your home mac? The same questions apply....are you using a VPN to do this, or do you have some other kind of access set up through your firewall at work (say a port opened on an IP address that allows traffic through to your work machine, but only from your network at home)?

 

EDIT: Also, are you saying that your company is mac based, but you are using a PC to remote in?

Edited December 9, 2009 by Caveman_Nick

[pig devilz]

I am just trying to understand what you are doing here, and then I should be able to help you with respect to your Mac questions...

 

So, you want to connect to your work from home then? And instead of using your PC, you want to use your home mac? The same questions apply....are you using a VPN to do this, or do you have some other kind of access set up through your firewall at work (say a port opened on an IP address that allows traffic through to your work machine, but only from your network at home)?

 

EDIT: Also, are you saying that your company is mac based, but you are using a PC to remote in?

 

connect ONLY from home (Mac) to office (PC)

 

I do connect to the office via an IP address. For example 145.8.55.66: 6666

I believe the last 4 digits are the port?

 

your edit question......right now I am using a PC laptop to connect to the Office PC.

I want to start using my home Mac to connect to the Office PC using the Client I listed above.

Office is PC based.

Edited December 9, 2009 by pig devilz

[Caveman_Nick]

connect ONLY from home (Mac) to office (PC)

 

I do connect to the office via an IP address. For example 145.8.55.66: 6666

I believe the last 4 digits are the port?

 

your edit question......right now I am using a PC laptop to connect to the Office PC.

I want to start using my home Mac to connect to the Office PC using the Client I listed above.

Office is PC based.

 

 

Okay.

 

Not my place to say, but if your company is going to engage in remote access, it would be worth considering investing in having a VPN set up. Your current firewall might already support it.

 

In any event...

 

for your mac at home, one option for you is to create a virtual machine running (Whatever version of windows your office recommends), via Parallels Desktop or VMWare Fusion, and then work in the virtual environment when making the connection to your work. Your IT Staff will be familiar with telling you how to lock down access on your home side so that you can get the access that you want, but at the same time the Virtual Machine will have the ability to access and use files on your mac, and also use printers that are set up in the mac environment.

 

As a side note, if you are running a virtual machine on your mac, that makes it "easier" to get into the VPN if you can get that set up. Not becaus eit's easier, but because most vendor support you will be able to find to get that kind of a situation set up will not be familiar with how to set it up in an OS X environment, what VPN client to use, or how to configure that client.

 

As far as the remote desktop app is concerned, I would defer to Apocalypse in terms of what can be accessed "upstream". I use remote desktop on the mac to access other macs, and there is no upstream unless you enable it withing the system preferences.

 

What kind of mac and what OS are you running?

[pig devilz]

thanks.

 

I'm running 10.5.4 on iMac with the Core 2 Duo processor.

 

I have questions about your reply but have to get to some appointments.

Any other info would be great....I'll check back in later

 

Thanks again.

[Caveman_Nick]

thanks.

 

I'm running 10.5.4 on iMac with the Core 2 Duo processor.

 

I have questions about your reply but have to get to some appointments.

Any other info would be great....I'll check back in later

 

Thanks again.

 

White plastic or Aluminum? How much RAM? The virtial machines are memory pigs.

[pig devilz]

aluminum, 2 GB of ram

 

do you know if Filing Sharing on a Mac has anything to do with RDP or is that just local

and applies only to comp's, say within my house?

 

I dont think the office would spring for a VPN set up. All others who use RDP are connected via IP.

 

I am interested to hear about the Parallels and Fusion options....

[Caveman_Nick]

aluminum, 2 GB of ram

 

do you know if Filing Sharing on a Mac has anything to do with RDP or is that just local

and applies only to comp's, say within my house?

 

I dont think the office would spring for a VPN set up. All others who use RDP are connected via IP.

 

I am interested to hear about the Parallels and Fusion options....

 

I'll try to get back to you tomorrow via PM.

 

Honestly, it's not that expensive to have a VPN set up if you already have a VPN capable device, and the people running your office are CRAZY if they just have IP addresses and ports open to the internet, even if there is a password level of security.

[pig devilz]

ok, shoot me a PM

the office is what it is and a reason for my initial privacy concerns

 

thanks to Apoc. and smith too.....much appreciated.