Customer client security during a support session: Symantec remote desktop access security assessment

Symantec Security Assessment: SupportDesk™ 9 Product Penetration



NetworkStreaming Security Architecture

4. Application Client Security

NetworkStreaming requires customers receiving support in SupportDesk™ sessions to initiate the deployment of a customer client on their workstation. During a typical support session, the remote customer must download and run a small executable that establishes a connection through the SupportDesk™ appliance and allows the support representative to access the customer workstation. During installation of the customer client, the customer chooses whether the support representative can only view the screen or obtain full control. The customer is also given the option to discontinue the installation and delete the client.

After installation of the customer client, two small application processes spawn to handle the transmission of screen data back to the SupportDesk™ appliance. One process serves screen data from the user's workstation, and the other handles communications between the screen server component and the SupportDesk™ appliance. Rather than bind the screen server process to a network-accessible port, the screen server component of the customer client listens on a local network port that can only be accessed by processes already running on the customer's machine. The second process then establishes a local connection to the screen server process and bridges this connection to the SupportDesk™ appliance. This design protects the user from the risks associated with running a network-accessible service on their workstation and allows any firewall software configured on the customer's machine to remain enabled during a support session.
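The loopback-plus-bridge design described above, sketched as an added example (not NetworkStreaming's or Symantec's code): the screen-server stand-in binds only to 127.0.0.1, and the bridge makes outbound connections only. All function names, the payload, and the loopback stand-in for the appliance are assumptions chosen so the sketch runs offline.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"  # reachable only by processes on this machine


def listen(host):
    """Return a listening TCP socket on an ephemeral port of `host`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv


def serve_once(srv, payload):
    """Screen-server stand-in: send `payload` to the first local client."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(payload)


def bridge(local_port, appliance_addr):
    """Bridge process: two outbound connections, no listening socket."""
    with socket.create_connection((LOOPBACK, local_port)) as local, \
         socket.create_connection(appliance_addr) as remote:
        while chunk := local.recv(4096):
            remote.sendall(chunk)


def run_session(payload=b"constructed-screen-frame"):
    """Run one relay; return (screen server bind address, bytes at appliance)."""
    screen = listen(LOOPBACK)     # loopback only, never "0.0.0.0"
    appliance = listen(LOOPBACK)  # constructed stand-in for the appliance
    workers = [
        threading.Thread(target=serve_once, args=(screen, payload)),
        threading.Thread(target=bridge,
                         args=(screen.getsockname()[1], appliance.getsockname())),
    ]
    for w in workers:
        w.start()
    conn, _ = appliance.accept()
    received = b""
    with conn:
        while chunk := conn.recv(4096):
            received += chunk
    for w in workers:
        w.join()
    bound = screen.getsockname()[0]
    screen.close()
    appliance.close()
    return bound, received


if __name__ == "__main__":
    print(run_session())
```

Because the only listener is bound to the loopback address, a host firewall that blocks all inbound traffic does not interfere with the session.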

Once a support session terminates, the client executable automatically terminates running processes related to the support session and uninstalls itself from the customer's workstation. Any subsequent support sessions will require the customer to rerun the installation process in order to deploy the customer client again on their workstation.

During the penetration test, Symantec noted that the access controls afforded to remote customers sufficiently restrict access to their workstation. Symantec was unable to obtain control over customer machines that were granted only viewing privileges and was not able to resume a support session once the session had been terminated and the client uninstalled. Furthermore, during sessions which did provide remote control of the customer's workstation, Symantec found that the remote customer could regain control of the workstation and terminate the connection at any time during the session.


© 2003-2008 Bomgar Corporation | All Rights Reserved | Formerly NetworkStreaming Inc.