Poorly configured remote administration software used by IT teams to manage endpoints or servers from a distance is often the first target of attackers, according to a new study that analyzed hundreds of data breach investigations. The software is sometimes poorly deployed, outdated or contains cached administrative credentials that could give cybercriminals the keys to the kingdom.

“Historically, attackers go after large corporate entities and get through the perimeter into the datacenter to get the crown jewels of the organization, but attackers started to learn that shooting the giant elephant is becoming more difficult,” said Nicholas Percoco, senior vice president of Trustwave SpiderLabs. “Now they’re going after smaller remote locations because they can accomplish the same thing with a little more effort.”

The problem plagues large firms with a centralized IT staff and smaller businesses that outsource IT management to a third-party service provider. Trustwave, which analyzed 300 breach investigations and 2,000 penetration tests in 2011, found remote management software was one of the most commonly used attack vectors. The report echoed the 2011 Verizon Data Breach Investigations Report, which recommended companies mitigate weaknesses in remote access services and monitor privileged activity.

Trustwave found corporate IT support administrators using the same or similar passwords at all the remote locations. The company found little use of two-factor authentication and domain credentials that were sometimes located in a cache folder, giving attackers easy access to a machine.

Administrators incorrectly deploying freely available open source remote management software also created some weaknesses. Pen testers found outdated VNC software deployed on point-of-sale systems and servers containing sensitive data. The software contained a VNC authentication bypass vulnerability, a flaw that has been patched years ago, Percoco said.

“I’ve seen instances where attackers have infiltrated a single environment, honed their craft in one location and then developed custom malware to easily compromise other systems,” Percoco said.

The problems plaguing remote management software were recently brought to the forefront when Symantec announced that a 2006 breach of its systems exposed the source code of its Norton pcAnywhere software. Symantec urged enterprises to disable the software and then, after updating vulnerabilities; the company issued a technical document urging users to establish tighter security controls around its use. It’s unclear if some enterprises are heeding the warning or if they even realize the software is running at their endpoints. A recent study conducted by vulnerability management and penetration testing vendor Rapid7, found thousands of IP Addresses with an open port commonly used by pcAnywhere. Many of those were production systems, including some in listening mode on point-of-sale systems.

“Based on the host names and the IP addresses, it was clear many pcAnywhere installations are configured at organizations or sites without much in the way of technical expertise,” said HD Moore, chief architect of Metasploit and CSO of Rapid7.

Moore said remote management tools pose no serious problems if they are configured properly. Common pitfalls include exposing Terminal Services on a system with weak accounts, he said, or setting up VNC in a way that requires a weak password and no mandatory encryption. Sometimes administrators introduce tools and fail to keep them updated with the latest security patches.

“The best choice these days is a combination of Terminal Services (Remote Desktop) combined with a strong local security policy that limits access to administrators and requires those administrators to have complex passwords,” Moore said.

Companies consistently fail at maintaining simple and intermediate controls and that’s a common theme in data breach computer forensics investigation reports, said Scott Crawford, managing research director of security and risk at Enterprise Management Associates, an IT industry analyst firm based in Boulder, Colo.

“Managing access privileges is one of the common missteps, but software defects and poorly deployed remote access capabilities are being targeted over and over again,” Crawford said.

Crawford said companies are failing to ask third-party IT service providers how their remote capabilities are deployed, if they have been tested and secured, and whether they are installed directly on the endpoint. Other organizations have systems with legacy remote management software often set up by an IT administrator long ago and no longer being used.

Organizations deploying their own remote management software can choose between a variety of enterprise-grade products. Ridgeland, Miss.-based Bomgar Corp., sells remote support software commonly used at large organizations or major IT service providers. Other vendors include Herndon, Va.-based Xceedium and Santa Clara, Calif.-based Citrix Systems Inc., which sells a variety of remote access and management software to consumers and enterprises, including GoToAssist and GoToMeeting.

Like many of its competitor enterprise-grade remote support software, Bomgar has recording capabilities to provide businesses with an audit trail when the software is in use. Remote management software in enterprises should be closely controlled, maintained and audited, said the company CEO Joel Bomgar.

“It’s not completely hacker-proof and no solution is, but there are no ports listening on the Internet,” Bomgar said.

Bomgar said more than half of his company’s customers are doing IT support on behalf of someone else. The software is designed to enable those remote IT teams establish a secure ad-hoc VPN and work within a secure tunnel with the server or workstation, he said.

Source:http://searchsecurity.techtarget.com/news/2240115155/Remote-administration-software-weaknesses-plague-businesses

Victoria, Victoria Usoris Systems, a reputed company which specializes in developing remote access software for system administrators and helpdesk companies has announced remote access software at affordable price. This remote access software tagged as Remote Utilities is now available under three licensing options namely home, enterprise and helpdesk. They offer lifetime licensing (pay once, use forever), but the price may vary depending upon the licensing option.

“Initially, when Remote Utilities 5.0 was released there were only two licensing options for business usage. However, due to the increasing demand for the remote access software from home users. We have delivered home licensing option too. Besides, we also understand that it’s not possible to buy a product without using it. So, we offer a fully functional 30-day trial of Remote Utilities 5.0.1, which can help you to determine the efficiency of our product”, says Conrad Sallian, the Usoris Director of Marketing and Public Relations.

Remote Utilities is a remote PC access software, remote support and desktop sharing tool that offers secure access to remote workstations and servers without any difficulties. It offers many flexible features that can ease remote administration process. This software provides a complete access of the remote computer such as view the remote computer screen, control its mouse cursor and send keyboard presses. One of the important advantages of remote utilities is that it allows firewall bypass with the internet-id feature. This feature helps the user to provide remote technical support for his clients or friends. In addition, remote file transfer is also quite easy with this software. This file transfer feature assists the user to transfer big files between computers with ease. There are many more features namely Wake-on-LAN, Network Map, multiple connections support, remote shutdown/restart, inventory management, remote installation and more.

Remote access software allows the users to remotely connect to any PC at home from anywhere without having to configure their router, which is a time consuming and frustrating process. Now, the latest home license option offers remote control software for $19.95 for use on one PC and at reduced rates for additional PCs. Usoris Systems also offers family pack of five licenses for $69.95.

Source:http://www.onlineprnews.com/news/165901-1314956404-usoris-systems-announces-remote-access-software-at-affordable-price.html

LabTech Software, a powerful and robust Remote Monitoring, Management (RMM) and Automation solution for managed services, recently announced availability of a new, updated plug-in for Autotask hosted IT Business Management software for VARs, MSPs, and other technology solution providers. The new plug-in provides additional control, ease-of-use features and integration for MSPs using both LabTech and Autotask.

The upgrade allows new data entry and sync features, such as choosing different fields for the monitored computer’s name. Some users prefer the computer name synced to the Reference Number instead of Reference Title for organization and identification of machines for billing purposes. LabTech partners who have created user-defined fields in Autotask can now map LabTech computer/network device data to those fields, and simply select all, one or multiple fields from the drop-down menu. For simpler account management, users can also sync and select multiple client company types as needed, such as lead, prospect, and customer.

Provided user login IDs in LabTech and Autotask match, users may now enter ticket time in Autotask when logged in through LabTech, saving time and steps when working on service tickets. Partners can go to the LabTech Marketplace on their LabTech Server to find the updated plugin and complete the upgrade.

“LabTech is committed to offering our partners the broadest solution support of any RMM tool on the market today,” said LabTech Software CEO Matt Nachtrab. “Even the most complex tasks can be managed with a combination of LabTech and the widely available service business management platforms.”

LabTech’s arsenal of IT management tools seamlessly support and resolve end-user computing and networking environments with remote desktop, monitoring, trouble ticket tracking, user information, support and software management. An agent-based solution, LabTech enables both on-call support and proactive managed services with one central interface that manages an entire technology infrastructure. LabTech 2011 is available now to current partners.

Source:http://www.bsminfo.com/article.mvc/LabTech-Software-Updates-Autotask-Plug-In-For-0001

There are two main types of remote desktop software you can purchase for your business needs.

Those that are attended and unattended. The attended types of software are those that need a user present at the target machine to allow the remote connection to fix a problem of some kind.

This is the type that is used by a lot of helpdesks when trying to sort out computer issues within the company. Unattended PC remote access software is where you do not need a user to allow entry.

This can be done through the connection as long as the remote access software is installed on both sides of the connection. Each has its own merits and uses.

A company may choose to use either depending on their specific needs. Whereas most helpdesks uses the attended version, the unattended one is used mainly for employees wanting to access their own files on their work machine.

This type of software is generally operated by installing a program that acts in a similar way to a server on the host computer, where you will connect from. It then runs an application on the other machine that connects and uses authentication and encryption to connect remotely to the target machine. Finally, windows remote desktop software will run on any computer which has Windows 98 and upwards.

It is perfect for solving computer programs and remote support and training. There are many brands of these programs out there and it can be difficult to decide which one is the best for you.

One of the original software programs dedicated to remote access was VNC and there have been numerous programs since that are slight deviations of this.

From the list of variants, UltraVNC is one of the more popular free options. It has good support and a good forum in which to gleam information from other users.

Additionally this product has a fantastic encryption plug-in. This program is a package that allows remote control of another computer using any TCP connection. It can work with most operating system.

It offers many features and is free and reliable which is an added bonus.

It has auto-configuration and a simple user interface and a wide range of hotkeys. It is perfect for accessing your home computer while traveling about and can be run attended or unattended.

CrossLoop is another software program that makes it easy to gain remote control with another computer anywhere.

It is easy to install on your computer and also have someone put it on the other machine you want to access.

However, it is at it best when the computer is attended and not unattended. But it is still a very good remote software program for your needs.

Then there is LogMeIn which is a service that is based on the web and is a commercial remote tool. Whichever program you need for you business there is going to be one out there for you to choose from the free options.

This article was written by Phillip Presley on behalf of Proxy Networks. He recommends you consider Proxy Networks for all your Remote Desktop Software, Remote Control Software, and PC Remote Access needs.

Source:http://www.booshnews.com/2010/10/16/differences-between-attended-and-unattended-remote-software/