Network Wrangler – Tech Blog

Free and Secure Remote Access? Sort of …

Recently, GoToMyPC forced all customers to reset their passwords.  They were not hacked, but rather saw that hackers were attempting to access their customers’ computers using credentials that had been hacked from other places.

 

This seems like a good opportunity to show off how PA Server Monitor can allow remote access in a completely safe way.   How can we make that claim?

 

This picture comes from our help documentation at:

https://www.poweradmin.com/help/pa-server-monitor-6-2/config_remote_monitoring.aspx

 

arch_remote_sm

 

There is a lot going on, but it boils down to the PA Server Monitor Satellites (shown as the blue circle computer icons near the bottom of the image) at remote sites make HTTPS calls back into _your_ central site (top left corner).

 

This leads to safety in a few ways:

 

  1. 1. The remote Satellite locations don’t open any incoming ports in their firewalls.  There is nothing to attack on that side.
  2. 2. The communication between Central Service and the Satellite is all HTTPS encrypted traffic.
  3. 3. The Central Service is at your site inside your firewall.
  4. 4. Access to remote Satellites is done from your site, inside you firewall, by connecting to the Central Service.  
  5. 5. The ports used to access the Central Service for remote viewing are not exposed to the firewall

This configuration allows you to connect to your monitored servers using any product you like, such as Windows Remote Desktop (RDP), VNC, etc.

So assuming internet hackers are not inside your central network (which is a whole separate subject), there is nowhere for them to try and attack in order to gain access to the Satellites.

 

So what’s this about free access?  Normally you have to pay to get remote access to a bunch of distributed sites, especially if you’re that access for business purposes.  With the PA Server Monitor Ultra license (which is what is used to enable Satellites), that remote access is already built in.  No additional monthly fees!   And since it runs on your hardware, you are in full control.  Once you have your monitoring system built out, you get remote access for free.

 

If you’re interested in reading more, look at our SNAP Tunnel documentation – that’s how RDP/VNC/etc connections are tunneled.

Posted

in

, ,

by

Doug N

Tags: