First posted on August 20, 2006
Protection and Tracking Work Together to Create Secure Remote Support
Occasionally, a customer, reporter, or friend will ask about the security of remote control support. The context is usually that remote control is having someone who is not there move your mouse and type on your keyboard and that is kind of scary. The truth is that after a user has been supported using remote control once, they generally want to be supported with it all the time. It is so much more convenient and so much less frustrating than being supported over the phone.
Beyond the obvious benefits to the user of enabling the support rep to fix the problem directly vs. trying to tell the user how to do it, I want to argue that remote support is not only as secure as on site or phone support, but actually more secure. Let me explain.
PC security comes down to two things:
- Protection and…
- Tracking
The two aspects of PC security have to work together because neither is perfect. If protection were perfect, you wouldn’t need to track what happens on your PC, and if tracking were perfect…well, you might still need protection, but you would, theoretically, need it less because you would immediately know what happened and who was responsible for it.
Let’s examine the two traditional support methods in the light of security’s two chief counter-measures:
On Site Support
When a support rep comes onsite to fix a PC problem, the rep is given access to the computer in order to resolve the issue. From the point the rep sits down, he has complete, undisputed control of the PC. Unless the user wrestles him out of the chair, the rep is king of the computer. So by way of protection, bringing the rep onsite is pretty much opening the kimono. The rep may not even be supervised while he is performing the repair. He could switch out the hard drive of the PC and the user might not know it for an hour. As to tracking, unless the user is watching over the rep’s shoulder, the rep is pretty free from accountability. He’s supposed to get it fixed, but in the meantime, no one is keeping track of what goes on underneath the mouse. A system log wouldn’t distinguish between one user and another, so it would be impossible to determine who did what except by time signatures. Who’s hand was holding the mouse when the contents of the “legal” folder was emailed to a non-descript yahoo account?
Phone Support
People assume that phone support is rather benign, and in a way, it sort of is. After all, nothing happens that the user is not aware of. Not a click, not a character. So you’d think that the user is protected and that everything that is done is easily tracked.
The problem, though, is that there is a very unsteady communication channel between the rep and the user that both leaves the user exposed to attack and prevents the user from tracking what the rep did or did not do.
From a protection standpoint, the rep is instructing the user in accomplishing what the user would have no business doing without the rep’s guidance. Many users are as unaware of how to resolve an issue after they successfully resolved the issue with the rep’s help as they were before making the call. The rep could instruct the user to delete all registry entries and the average user would dutifully obey, without having a clue what was happening. In theory, the user is in control, but in reality, no one is in control. The rep can’t be sure of what the user is doing in response to his instructions and the user can’t be sure that what the rep tells him is correct.
From a tracking standpoint, phone support is a huge problem. The user may have been just acting on instructions, but it was still the user who was doing it. If something goes wrong, the fault is hard to determine. Who caused the system to crash? Was it the rep who gave the dumb or malicious instructions or was it the user who failed to click “Rename” and clicked “Delete” instead? No one knows, and unless the phone is tapped, it’s just one person’s word against another.
Compare to this, the relative bliss of a remote support session.
From a protection standpoint, the user is able to sit in the same chair they always do and watch what is happening on their screen. In fact, the user never has to let go of the mouse. In NetworkStreaming’s SupportDesk, the user even has overriding mouse control, so if the user moves their mouse, the user takes back control of the mouse.
From a tracking standpoint, the entire session is logged, and can be accessed later. The support rep administrator knows how long the rep was connected, what the rep did, what files were transferred, and what the public and private IP address of the rep is. Furthermore, in an upcoming release of SupportDesk, the entire session will be recorded to ensure that there is no ambiguity about who did what and who is responsible.
So despite the security concerns, remote desktop control is actually more secure than traditional support methods, not less.
