Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 03-13-2009, 10:38 AM   #1
Beta Member
 
Join Date: Mar 2009
Posts: 2
Default GoToMyPC breach!

Hello,

I found a GoToMyPC client on my company PC. Our company does not use this app and now we are concerned that my PC may have been accessed. Could anyone offer some advice as to how to tell if this has been accessed? I see the registry entries for the GoToMyPC client but can't see anything definitive as to if an actual connection was ever made.

Also, we would like to block this VPN client. We have a PIX firewall and do have some users who use the CISCO VPN client.

Thanks,
Carrie
__________________

Carrieneedshelp is offline   Reply With Quote
Old 03-16-2009, 10:32 PM   #2
In Runtime
 
Daeva's Avatar
 
Join Date: Dec 2005
Posts: 407
Send a message via AIM to Daeva Send a message via MSN to Daeva Send a message via Yahoo to Daeva
Default Re: GoToMyPC breach!

I would start with changing your password and making sure that only registered users are allowed on the machine. Once you do that, then worry about restricting access.

As for the goToMyPC, connections have to be established from the client, so thats a plus, the downside is that unless you are not hosting web-sites, you can't disable inbound port 80 on your firewall, which is what gtmpc uses. Not sure if there is a group policy setting you could change to deny this type of behavior. Check the windows event logs, and have your I.T. company check the traffic on the router/firewall and take a look at the packets that were sent through on that day to determine if there was a connection made (although, I would argue: why is the application there if no connection was made?).

Hope this helps, let us know the results.
__________________

__________________
**Official Self-proclaimed glorified excessive (insert additional adjectives here) post editor/modifier.
Edit = Best feature ever
http://www.twitter.com/xDaevax
Daeva is offline   Reply With Quote
Old 03-18-2009, 03:40 AM   #3
In Runtime
 
Join Date: Mar 2009
Posts: 171
Send a message via AIM to burn420 Send a message via Yahoo to burn420
Default Re: GoToMyPC breach!

If I remember correctly... A pix firewall can reject vpn connections, also knowing cisco, you could probably have your IT configure the pix to only allow encrypted vpn connections. Also I am pretty sure you could also configure it to only allow through the Cisco vpn... I could be wrong, but I would suggest looking into that... Also you could check your logs... If the policies were set correctly, then you should have that connection in a log somewhere(if of course there was a connection)... Also just the same as Daeva said, if you are that concerned about it, I would start checking the packets going through...
__________________
http://tetralogica.com
burn420 is offline   Reply With Quote
Old 03-24-2009, 10:26 AM   #4
Beta Member
 
Join Date: Mar 2009
Posts: 2
Default Re: GoToMyPC breach!

Thank you both for your replies- they were very helpful.

Just to be on the safe side, we wiped my PC and changed my password. Also, we are checking the packets and working on restricting the VPN connections. Unfortunately we could not restrict the inbound port 80 due to a Sharepoint site that we are running but are also looking into using our security/Internet filter to block such traffic.

Carrie
Carrieneedshelp is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 03:24 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0