GoToMyPC breach!

Carrieneedshelp

Hello,

I found a GoToMyPC client on my company PC. Our company does not use this app and now we are concerned that my PC may have been accessed. Could anyone offer some advice as to how to tell if this has been accessed? I see the registry entries for the GoToMyPC client but can't see anything definitive as to if an actual connection was ever made.

Also, we would like to block this VPN client. We have a PIX firewall and do have some users who use the Cisco VPN client.

Thanks,
Carrie :eek:
 
I would start with changing your password and making sure that only registered users are allowed on the machine. Once you do that, then worry about restricting access.

As for GoToMyPC, connections have to be established from the client, so that's a plus; the downside is that unless you are not hosting websites, you can't disable inbound port 80 on your firewall, which is what gtmpc uses. Not sure if there is a group policy setting you could change to deny this type of behavior. Check the Windows event logs, and have your I.T. company check the traffic on the router/firewall and take a look at the packets that were sent through on that day to determine if there was a connection made (although, I would argue: why is the application there if no connection was made?).

Hope this helps, let us know the results.
 
If I remember correctly... A PIX firewall can reject VPN connections; also, knowing Cisco, you could probably have your IT configure the PIX to only allow encrypted VPN connections. Also I am pretty sure you could also configure it to only allow through the Cisco VPN... I could be wrong, but I would suggest looking into that... Also you could check your logs... If the policies were set correctly, then you should have that connection in a log somewhere (if of course there was a connection)... Also just the same as Daeva said, if you are that concerned about it, I would start checking the packets going through...
 
Thank you both for your replies; they were very helpful.

Just to be on the safe side, we wiped my PC and changed my password. Also, we are checking the packets and working on restricting the VPN connections. Unfortunately we could not restrict the inbound port 80 due to a SharePoint site that we are running but are also looking into using our security/Internet filter to block such traffic.

Carrie
 