On 7 Sep 2006, at 13:15, Daly Jessup wrote:

> ...
> To reach the work machine, I obtained a "SecureID" device, about
> the size of a thumb drive. It generates and displays a new network
> passkey every 30 seconds or so. I installed a very small
> application from Cisco on my Mac with which I access the work
> network using a private PIN number and the current password from
> the SecurID device. Almost instantly I am admitted into the secure
> environment at work. I got the Cisco utility from the IT
> department's web site at work. They have a Cisco VPN server set up
> there, so I had to use the Cisco utility.

The "SecureID" device is just a flashy way of doing VPN. It may be more secure to use such a device than to VPN without one, but for a base analysis this is probably in the order of increasing the mean-time-to-crack from a thousand years to 10 million.

One most significant advantage of devices like SecureID may be that they're difficult to get hold of, have to be accounted for and have a physical component - as a consequence you know that an employee has handed his in when he leaves the company. This probably reduces problems with key distribution and compromised keys - a regular VPN can surely be maintained just as securely by generating a key for each employee and maintaining a list of which key is assigned to which member of staff, but it may be more difficult to ensure that an employee's key is not copied & used by a 3rd party. It will be obvious should a device like SecureID be tampered with, but nevertheless such a device is not required for VPN.

> Then at home on my Mac, I use the free application, Microsoft
> Remote Desktop Connection (available at versiontracker). All I need
> is my work computer's IP address and my regular Windows login name
> and password, and there I am, looking at the work computer as if I
> were sitting in front of it.
> I can do anything there that I can do
> when I'm at work, including travel through the work network, print
> to work printers, and so on. It is nearly as fast as working on the
> Windows machine directly. Oh, I had to set the work machine to
> allow remote connections to get this to work.
>
> I am describing this because I do not believe I could use VNC or
> Timbuktu or anything else to get into the overall network in these
> companies.

I believe that Microsoft's Remote Desktop Connection (RDC) software does itself handle encrypted connections. See <http://tinyurl.com/obzp5>. A VPN probably provides a higher level of security & confidence than relying upon the encryption within MS's RDC, but you can probably manage without it and you should be able to access a Windows Terminal Server (the server end of RDC) with only a single forwarded port.

Once connected to the VPN, other encryption is unnecessary - you can use RDC within the virtual LAN without it, and you could also use VNC or whatever. RDC is just nice because it comes pre-installed on many Windows systems and because using Microsoft's client software (even on a Mac) just seems to work slightly better than VNC for things like right-clicking, copying and pasting &c.

> If I were you, I would talk to the IT department and just ask how
> you can access your work computer from home. You will find out if
> they have a secure network set up with special requirements for
> access.

Indeed. I second that, although my experience of corporate IT types is that they can be remarkably clueless about anything other than Windows. The lower echelons of support tend to say "no, it only works on Windows" or if you're lucky "we only support Windows".
My experience of "corporate IT", even with quite a small enterprise, was that the higher echelons who did actually have a bit of an idea how things actually worked and what protocols were used & so on (although this really meant that they knew the acronyms and requirements, rather than a deep understanding of the topic) were remarkably reluctant to talk to or help end-users. They seemed to consider themselves too important to be seen doing much other than "important IT executivey" things and that employees should be happy with the Dell & Windows solution that they had selected.

> I don't know about the web-based services you mention. Who told you
> about them? Maybe that person can give you more details?

There are, as you surmise, lots of services that can be accessed over the web, but I couldn't help wondering if the OP was referring to Microsoft's Remote Web Workplace. This allows access to Outlook, RDC and other services "through a web-browser"; it's really cool to be able to remote desktop through a web-browser, and to be able to drag & drop emails within the browser window, but since Remote Web Workplace uses ActiveX controls it's only compatible with Internet Explorer on Windows.

The OP really needs to help us by posting the brands and names of the technology his employer uses.

Stroller.