Dont Go to My PC

A couple weeks back, I was driving over to Taco Bell listening to the Kim Kommando show. (Crappy tech show on the radio aimed at the masses). When I heard a commercial for gotomypc.com. That reminded me that I needed to check if that was being used in my company. Gotomypc is a web based remote access solution that allows you to access your computer remotely using them as a proxy. Your remote computer will carry a client software that connects to the proxy as well. And so when you log in with your password, you can connect into your desktop. This is pretty slick, but also against our security policy. The corporate VPN with SecurID or digital certificate are the only allowed remote methods of access.
When I got back to work, I installed an eval copy of gotomypc.com (You have to provide a credit card number even for the eval). I found that I was able to connect to that computer from outside the firewall. The next step was to look at who else might be using it. There are two ways to do this. One is to look at the firewall log and see who is going to poll.gotomypc.com on 80, 443, or 8200. The next step is to use SMS or similar softwarae to check for the presence of g2svc.exe.
Your company can contact gotomypc to register for free and block these types of connections, or block poll.gotomypc.com. Unfortunately if they change the IP of that server, you’ll be vulnerable you just wont know it. So it would be better to register with them. I suppose you could write a script that verifies the resolution of the name so you are notified when the change occurs. Its also a good idea if anyone was using the product to talk with them and explain why the corporate vpn solution must be used. Otherwise they may find another hole through the firewall using even less secure methods.