Symantec Security Assessment: The Bomgar Box

PDF Version (61KB)   Email This Item

Bomgar Security Architecture

4. Application Client Security

Bomgar requires customers receiving support in Bomgar Box™ sessions to initiate the deployment of a customer client on a workstation. During a typical support session, the remote customer must download and run a small executable that will establish a connection through the Bomgar Box™ and allow the support representative to access the customer workstation. During the installation of the customer client, the customer can choose whether or not the support representative can simply view the screen or obtain full control. The customer is also given the option to discontinue the installation and delete the client.

Once a support session terminates, the client executable automatically terminates running processes related to the support session and uninstalls itself from the customer's workstation. Any subsequent support sessions will require the customer to rerun the installation process in order to deploy the customer client again on their workstation.

During the penetration test, Symantec noted that the access controls afforded to remote customers sufficiently restrict access to their workstation. Symantec was unable to obtain control over customer machines that were granted only viewing privileges and was not able to resume a support session once the session had been terminated and the client uninstalled. Furthermore, during sessions which did provide remote control of the customer's workstation, Symantec found that the remote customer could regain control of the workstation and terminate the connection at any time during the session.

The Adobe® logo is a registered trademark of Adobe Systems Incorporated in the United States and/or other countries.