
GoToMyPC - Is it a serious security risk?

asafayan
Level 4

I have a generic question about outbound gotomypc.com sessions.

Does anyone know if there have been verifiable instances of security breaches via gotomypc sessions?

I'm trying to determine exactly what the measurable risk is with allowing outbound gotomypc sessions.

3 Replies

clausonna
Level 3

First, be sure that they're really gotomypc.com sessions and not regular Citrix NetMeeting sessions. For the former, you should see a client installed on the user's computer and traffic to poll.gotomypc.com (see below). For the latter I don't think you'll see anything except perhaps an ActiveX plugin.

The problem with real gotomypc sessions is that they allow users to bypass your corporate firewall settings, and get -directly- onto their PC. The gotomypc software running on the internal PC reaches out and registers to the primary gotomypc servers, and the user then connects from there (again, bypassing any posture checks you have in your firewall).

In my mind this is Not a Good Thing, mostly because the one instance I had with it was when a user 'shared' out their desktop with a remote client via gotomypc in order to facilitate file transfers, thus giving the client full access to the rest of the network in the process. Incredibly stupid but not entirely unexpected.

From their FAQ (google for "block gotomypc")

you can prevent your company computers from being accessed via the GoToMyPC service by using your firewall to block access to the host poll.gotomypc.com. We do not recommend this method, however, as it prevents all GoToMyPC usage, including your authorized GoToMyPC users.

But, re-reading your question, are you trying to prevent your internal users from Remote'ing into other, off-network GotoMyPC devices, or trying to prevent systems on your network from being remotely accessed?

gotomypc.com should be blocked since it bypasses your firewall rules... One could, using gotomypc.com, somehow take over a user's PC/laptop at work or inject a virus, etc. Either block via FW, or perimeter router "poll.gotomypc.com".

Also a device like Packeteer and NBAR will categorize traffic as gotomypc. Packeteer can block it but I think NBAR cannot block "it just will show you the traffic". Both of which are very useful. I use Packeteer...click on gotomypc and click on top talkers and find which users are doing this and ask them to stop.
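
Added example, not part of any post in this thread: one way to get the same "top talkers" view from DNS query logs when no traffic classifier is available. The log layout (timestamp, client IP, queried name) and all sample lines are constructed assumptions; the function names are hypothetical.

```python
from collections import Counter

# Parent domain of the polling host named in the thread (poll.gotomypc.com).
DOMAIN = "gotomypc.com"

# Constructed sample lines in an assumed "timestamp client_ip qname" layout;
# adapt parse_line() to the real format of your resolver or proxy logs.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 10.1.4.22 poll.gotomypc.com
2024-01-10T09:00:03Z 10.1.4.22 POLL.GoToMyPC.com.
2024-01-10T09:00:07Z 10.1.7.80 www.example.org
2024-01-10T09:01:15Z 10.1.9.13 poll.gotomypc.com
2024-01-10T09:01:30Z 10.1.7.80 notgotomypc.com
2024-01-10T09:02:00Z 10.1.7.80 poll.gotomypc.com.example.net
2024-01-10T09:02:05Z 10.1.4.22 poll.gotomypc.com
malformed line
"""

def is_gotomypc(qname):
    """True for the domain itself or any subdomain of it.

    Names are lowercased and stripped of the trailing root dot first, and
    the match is anchored on a label boundary so that lookalikes such as
    notgotomypc.com or poll.gotomypc.com.example.net are not counted.
    """
    name = qname.strip().rstrip(".").lower()
    return name == DOMAIN or name.endswith("." + DOMAIN)

def parse_line(line):
    """Return (client_ip, qname), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 3:
        return None
    return parts[1], parts[2]

def top_talkers(log_text):
    """List (client_ip, hit_count) pairs, busiest internal host first."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and is_gotomypc(parsed[1]):
            hits[parsed[0]] += 1
    return hits.most_common()

if __name__ == "__main__":
    for client, count in top_talkers(SAMPLE_LOG):
        print(f"{client}\t{count} lookups under {DOMAIN}")
```
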

Thanks for the reply. I cannot believe almost 4 months have passed! I agree with your position.

I don't like the back channel that goto provides - whether it is outbound or inbound.
