GoToMyPC - Is it a serious security risk?

Unanswered Question
Jan 5th, 2009

I have a generic question about outbound gotomypc.com sessions.

Does anyone know if there have been verifiable instances of security breaches via gotomypc sessions?

I'm trying to determine exactly what the measureable risk is with allowing outbound gotomypc sessions.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
clausonna Tue, 01/06/2009 - 10:55

First, be sure that they're really gotomypc.com sessions and not regular Citrix NetMeeting sessions. For the former, you should see a client installed on the users computer and traffic to poll.gotomypc.com (see below.) For the latter I don't think you'll see anything except perhaps a ActiveX plugin.

The problem with real gotomypc sessions is that it allows users to bypass your corporate firewall settings, and get -directly- onto their PC. The gotomypc software running on the internal PC reaches out and registers to the primary gotomypc servers, and the user then connects from there (again, bypassing any posture checks you have in your firewall).

In my mind this is Not a Good Thing, mostly because the one instance I had with it was when a user 'shared' out their desktop with a remote client via gotomypc in order to facilitate file transfers, thus giving the client full access to the rest of the network in the process. Incredibly stupid but not entirely unexpected.

From their FAQ (google for "block gotomypc")

you can prevent your company computers from being accessed via the GoToMyPC service by using your firewall to block access to the host poll.gotomypc.com. We do not recommend this method, however, as it prevents all GoToMyPC usage, including your authorized GoToMyPC users.

But, re-reading your question, are you trying to prevent your internal users from Remote'ing into other, off-network GotoMyPC devices, or trying to prevent systems on your network from being remotely accessed?

mattmatin007 Tue, 01/06/2009 - 12:27

gotomypc.com should be blocked since it bypasses your firewall rules... One could using gotomypc.com, somehow take over a user's PC/laptop at work or inject a virus, etc. Either block via FW, or perimeter router "poll.gotomypc.com".

Also a device like Packeteer and NBAR will categorize traffic as gotomypc. Packeteer can block it but I think NBAR can not block "it just will show you the traffic". Both of which are very useful. I use Packeteer...click on gotomypc and click on top talkers and find which users are doing this and ask them to stop.

asafayan Tue, 04/28/2009 - 19:44

Thanks for the reply. I cannot believe almost 4 months has passed! I agree with your position.

I don't like the back channel that goto provides - whether it is outbound or inbound.

Actions

This Discussion