Educause Security Discussion mailing list archives
Policy/Practices for Remote Control/Remote Access to Institutionally Owned Computers
From: Jack Rutt <ruttj () EMU EDU>
Date: Tue, 21 Aug 2012 12:39:46 -0400
For years we have prohibited the use/installation of remote access/remote control programs on our institutionally owned computers. GoToMyPC was one of the first services that prompted us to declare a policy about this kind of service but with the onslaught of BYOD the number of these services and the interest that employees have in remote access has increased significantly. Specifically, the convenience of being able to get the near-equivalent of your desktop on an iPad is very compelling for these kinds of users. Originally, our concern was with third-party access potential (i.e. was the company behind GoToMyPC really ensuring that security best practices were being applied to the connections established through their infrastructure). This concern has been addressed over the years by the service providers but we are still very skeptical about the practice of needing to have a computer "listening" for a connection to be established from a remote device over which we have no control from an end-point security perspective. The services we have found some users installing include PocketCloud, GoToMyPC, LogMeIn, VNC etc. Our institutionally owned desktop computer users do not have administrative privileges, so they typically do not install the server components for these services. However, laptop users are administrative users because they are often the users who have legitimate reasons for administrative privileges - so it is with this group of users where we find the prohibited programs. When we find these programs installed we require that they be uninstalled and remind the user that we do provide VPN connectivity and RDP access to a terminal server. But that does not truly give the user access to the computer resources they have on the computer (in most cases a laptop) that they have while working from their desk. My questions: 1. Are we being overly restrictive to prohibit external connections to institutionally owned computers? 2. Do other institutions typically prohibit the user of remote access programs like GoToMyPC, LogMeIn, PocketCloud or others that are essentially VNC products? 3. Do any institutions permit (condone?) the use of any specific remote access programs and, if so, what policies or best practice statements are enforced to accompany these activities? Thanks for any perspectives you can provide. Jack Jack Rutt Director Information Systems Eastern Mennonite University, 1200 Park Road, Harrisonburg, VA 22802 540-432-4478 (desk), 540-432-4444 (fax), 540-578-1782 (mobile)
Current thread:
- Policy/Practices for Remote Control/Remote Access to Institutionally Owned Computers Jack Rutt (Aug 21)