Understanding Remote Access

Accessing your home or work computer from anywhere in the world has never been as easy as it is right now. With built-in remote features in Microsoft Windows and Apple Mac OS X as well as hundreds of third-party applications, there isn’t much you have to do except actually do it. Every great technology innovation seems to come with even more risks that need attention. The problem is that these remote access solutions are so simple to implement and use that the security vulnerabilities they open up are often overlooked.

Remote Desktop, sometimes referred to as Terminal Services, is Microsoft’s technology for allowing users to connect to a remote Windows system. Once connected to the remote system, it’s as if you were sitting in front of it. It’s obvious why this can be a problem if not done using a secure channel. Setting it up can be as easy as enabling Remote Desktop on your Windows 7 workstation, or as complex as an IT department configuring a single server to provide a virtual desktop to multiple users at the same time, with heavy security policies, called Group Policies, in place. Remote Desktop has never been as secure as it is today with Windows 7 and Windows Server 2008. It’s been updated to include modern security techniques such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) as well as the ability to only allow clients to connect securely. Most organizations today only allow remote desktop connections once the user is connected to a secure and encrypted virtual private network (VPN), which significantly reduces the security exposure.
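
To check whether a Windows machine actually enforces the secure-connection options described above, the following added example (not part of the original post) reads the Remote Desktop listener’s registry settings and flags weak values. The function names and the sample values are assumptions made for illustration.

```powershell
# Added example: audit the Remote Desktop listener's security settings.
# The registry value names are the standard Terminal Server ones; the
# function names and $sample are hypothetical.

function Test-RdpSettings {
    param([hashtable]$Settings)

    # fDenyTSConnections: 1 = Remote Desktop disabled, 0 = enabled
    if ($Settings.fDenyTSConnections -eq 1) {
        return @('Remote Desktop is disabled; no listener to audit.')
    }

    $findings = @()

    # SecurityLayer: 0 = native RDP security, 1 = negotiate, 2 = SSL/TLS required
    if ($Settings.SecurityLayer -ne 2) {
        $findings += "SecurityLayer=$($Settings.SecurityLayer): TLS is not enforced (expected 2)."
    }
    # UserAuthentication: 1 = Network Level Authentication required
    if ($Settings.UserAuthentication -ne 1) {
        $findings += 'UserAuthentication is not 1: Network Level Authentication is not required.'
    }
    # MinEncryptionLevel: 1 = low, 2 = client compatible, 3 = high, 4 = FIPS
    if ($Settings.MinEncryptionLevel -lt 3) {
        $findings += "MinEncryptionLevel=$($Settings.MinEncryptionLevel): below High (3)."
    }

    if ($findings.Count -eq 0) { $findings += 'Listener requires TLS, NLA and high encryption.' }
    return $findings
}

function Get-RdpSettings {
    # Read the live values from the local machine's registry
    $ts       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $listener = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp"
    @{
        fDenyTSConnections = (Get-ItemProperty -Path $ts).fDenyTSConnections
        SecurityLayer      = $listener.SecurityLayer
        UserAuthentication = $listener.UserAuthentication
        MinEncryptionLevel = $listener.MinEncryptionLevel
    }
}

# Constructed sample: Remote Desktop on, security negotiated, NLA off
$sample = @{ fDenyTSConnections = 0; SecurityLayer = 1; UserAuthentication = 0; MinEncryptionLevel = 2 }
Test-RdpSettings -Settings $sample

# On a Windows host, audit the live configuration as well
if ($env:OS -eq 'Windows_NT') { Test-RdpSettings -Settings (Get-RdpSettings) }
```

Settings pushed through Group Policy are stored under `HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services` and take precedence over the listener values read here.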

You may have heard of, or even used, Citrix. Citrix is similar to Remote Desktop but takes things a bit further. In addition to offering the same level of security and encryption benefits, it also allows for the “publishing” of specific applications rather than the entire desktop. This enables IT administrators to provide users with access to only the applications that they need. Many home infusion users will find that when they are using CPR+, HomecareNet, or Ascend remotely, they will connect to a Citrix server first. You may think the application is running on your PC, but it’s safely running at the office just as if you were at work!

Apple provides something called Apple Remote Desktop for Mac OS X, which allows Mac users to connect to their systems remotely. Not only that, Microsoft releases “Remote Desktop Client for Mac”, which enables Mac users to connect to Windows systems remotely. Citrix also provides a Mac OS X client that enables the same functionality. Most VPN servers also provide some way for Mac users to connect, which gives Mac users big hope for using their systems in a work environment!

Finally, there are lots of third-party remote access applications, such as CrossLoop, RealVNC, and GoToMyPc. These can be useful for quickly accessing other people’s systems as well as your own through secure channels facilitated by the companies themselves. They are often perfect, inexpensive solutions for the home user who needs to access their home computer from work or on the road.

If you’re a user, ask yourself the following questions:

  • What types of things do I need to access remotely?
  • Does my organization facilitate the remote access that I require?
  • How can I take remote access into my own hands using third-party applications like CrossLoop, RealVNC, and GoToMyPc?

If you’re an administrator:

  • How can I take advantage of the built-in capabilities I already own, such as Remote Desktop, and extend that to my users?
  • What types of applications and services do users need to access?
  • What types of vulnerabilities do I open up when extending applications and services to remote users?

Being productive from wherever you are is not a convenience anymore; it’s a requirement. Keeping security and safety in mind is a must for both the user and the administrator. Luckily, technologies being developed every day are helping make this much easier.

Need some help? Rock-Pond works with remote systems every day, and facilitates remote access to people as well. We can help you navigate all of these options and opportunities.

File Transfer Methods – Not All The Same

In the middle of an already complicated computer world lies the age-old requirement of being able to get files from one place to the next. It sounds simple on the surface, but with so many security and performance related issues popping up over the past few years, file transferring is more complex and riskier than ever. Not only do you have to worry about making sure files get from here to there without picking up a virus, but you have to make sure that the only eyes that see them are those that were intended to. Now throw into the mix the fact that files today are significantly larger than ever before, containing videos, pictures, presentations, and data.

The average user, especially the traveling user, argues that they are limited in what they can do, which is generally attaching files to an E-mail. This works, sometimes, but is starting to become obsolete with the massive amounts of spam & content filtering as well as file size limitations mandated by either the sending or receiving organization.

During the initial planning stages of Rock-Pond Connect, a tool developed by Rock-Pond Solutions to manage the deployment of report templates to its customers, several file transfer methods were looked at. The most significant goal of the project was to provide a way to quickly and safely transfer files while maintaining compliance with the majority of organizations’ IT guidelines. This immediately threw out our good old friend FTP. FTP stands for File Transfer Protocol and is as old as network protocols get, dating back to 1971. It’s insecure, lacking encryption as well as authentication. Most organizations’ networks don’t even let it in or out of the firewall, and it’s certainly not HIPAA compliant. SFTP was later released with a goal to build in greater security, encryption, and authentication. SFTP is in line with the popular “SSH (Secure Shell)” protocol, which is the industry standard for accessing remote Unix-like operating systems. There’s also FTPS, which is an extension to the FTP protocol that adds support for Transport Layer Security (TLS) and Secure Sockets Layer (SSL). Don’t forget that you can always throw your files on a USB stick to accomplish the same task, but now there are new risks, like losing the stick itself! Luckily, there are applications (often provided with the USB stick) that let you encrypt the data with a password in case it is lost or stolen. The web is a popular file transfer method, also supporting TLS and SSL, but is mostly uni-directional, meaning the user is usually only pulling files to their system rather than sending them to another. Luckily, Rock-Pond’s requirement for Rock-Pond Connect was only uni-directional, from us to the client.

We ended up coming across a version control system called Subversion, a quickly growing client / server version control system that efficiently synchronizes files between two or more systems while maintaining history and backups. We compared it to our requirements, and it matched up perfectly. We weren’t in need of encryption, as the files we are deploying are simply templates, not data. Even if we needed encryption, Subversion can operate over the TLS / SSL HTTPS protocol.

One of the biggest selling points for us was the fact that our customers could get files from us using an “incremental” approach, meaning they only get what’s been changed since the last time they synchronized with us. This was important to maintain a small bandwidth footprint for ourselves as well as our customers. In addition, transfers take place quickly, and can repeat often.

As I work with home infusion providers around the country, one commonality that I come across is people’s desire to put files “somewhere else”, just in case. Not only that, people are often on a workstation and then traveling using a laptop. Often times a home infusion provider needs to be able to effectively get files back and forth with the company providing them reimbursement services, usually containing sensitive information.

Subversion, though not a traditional file transfer protocol, has a place in each of these scenarios. For a backup solution, users can synchronize their files to a remote central repository for safe keeping, with the ability to revert back to old revisions if need be. No more sudden panics because you accidentally delete a file. For the traveling road warrior, you can synchronize your files to a central remote repository from your workstation and quickly pull them down on your laptop. When done with your laptop, synchronize your files and pull them down to your workstation. Two computers, same files. Lastly, to provide files to an outside organization, such as your home infusion reimbursement center, set up a remote repository and synchronize just the files that the reimbursement center should get. They can do the same, allowing for a seamless sharing of files over a secure channel.

While there are many options, too many to talk about in this single blog post, Subversion has met Rock-Pond’s needs well, from everyday internal use to a full customer file deployment solution. Look at your own file transfer needs and ask yourself these questions:

  • Do you require encryption and fine-grained authentication?
  • Do you need to transfer files over the internet, and how often?
  • What types of people do you need to share files with? How secure are their systems?

Establish file transfer policies and procedures and continue to audit them against today’s ever-changing technology developments. Getting your files from here to there safely is easy, and it has never been so important.