LoudPC

Just discovered two users using this through the corporate network and from home via the Internet - http://www.loudpc.com/index.htm.

Personally I feel that this application presents some security issues, as the remotely connected user can access his/her PC over the Internet.

But it gets better, to quote LoudPC "our servers simply request and format the information directly from your PC each time you access the LoudPC user website (https://my.loudpc.com) to request something."

I don't know about you but this strikes me as very suspect, especially in the corporate world.

I havn't had time to sniff the network to find out what ports its using, but I suspect its 80 and 443, and also must be proxy aware.

What do you all think!!

Golam

KILL IT! Especially in a corp network. Don't you have something in your policies saying users can't do this?! If you don't... I'd hate to be admin on your site...

If users truly need remote access, setup a secure VPN connection for them. At least the admins would have control over it. If they need access to files from home... get them a USB pen drive. Another thing you might want to do is set logon times (if possible). After normal working hours, they will have to put in a request for access to the network after hours and restrict the times again when they don't need it. That way you can ensure that nobody is on there except for admins.

I wouldn't trust anything a user wants to put on their PCs.

I don't allow ANYONE to install ANYTHING without permission from my department. In fact... they need admin privledges to install anything or make changes to anything. It is clearly stated in our policies that it is not acceptable, and if caught... we may be packing up your desk for you.... Their PCs are audited several times a week to make sure of this. Any changes to a PC and we know about it.

Security is FAR MORE important than convenience! If they don't like it too bad.

There is a LOT you can do to lock down your network. But as most people know... one of the biggest security risks is your users. Educate them and make sure you have policies in place to make sure that there are consequenses for not following the policies.

But then again... that is just me.

I agree with Phish 100%. No user should be allowed to install software let alone pipe stuff into the network. Most user don't have a clue as to the problems they can cause doing this.

Besides the obvious potential breech in security from the internet you have to take into consideration industrial sabotage/espionage and the disgruntled employee.

One has to wonder what kind of butt hole would allow those s/he has never even met unattended access to their home computer. If they insist on being asses they can be as big a one as they want at home, just as long as they keep it there.

BTW a good firewall would stop binary streams from entering even threw port 80

I do agree with all you say. I have only been here as security manager for 3 weeks, so I have alot of tidying up to do.

I was just interested in other people's thoughts on this product - and to bring it to your attention.

Golam

I agree that it should be stopped, your company confidental information is going through an untrusted 3rd party that you don't have a contract with.

I disagree with tedob however that

Quote:

---

a good firewall would stop binary streams from entering even threw port 80

---

If it did that, you would not be able to see any images on the web nor download anything.

The easiest way of stopping it is to contact the individuals involved, ask them to stop, and write something into the next version of your AUP which specifically prohibits doing this (if there isn't something which already implicitly does so).

Obviously if they keep doing it after they've been told not to, then they can be sacked for misconduct (assuming the individuals involved aren't company directors :) )

Slarty

Quote:

---

If it did that, you would not be able to see any images on the web nor download anything.

---

In a corporate environment do you really need to be able to browse and see pretty pictures and download files?

Quote:

---

LoudPC supports 128-bit end-to-end encryption. LoudPC does not expose any open ports on your PC (that could be used by hackers to gain access to your PC); does not store your information (email, contacts, appointments, notes, tasks or files) anywhere on our servers; and the LoudPC Service uses secure connections from your mobile device if possible.

---

That is a pretty bold statement on their part, specifically "does not expose any open ports on your PC (that could be used by hackers to access your PC)", how else can a users connected to it? Their a little over confident that it can't be broken...

Dhej

slarty

by using the MIME type 'application/octet-stream' executables can be blocked. this can be broken down still farther to allow or deny particular types of binary(octet) streams:

Type .ps - application/octet-stream binary 0.8
Type .rtf - application/octet-stream binary 1.0
Type .csh - application/octet-stream binary 0.5

or

Type application/octet-stream .so
Type application/octet-stream .dll
Type application/octet-stream .jar

or

application/Winzip


this in no way affects images that have a totally different MIME type:

Type image/*
Type image/gif
Type image/jpeg
ETC

didn't think it was necessary to complicate this thread with firewall configuration info. If potentially dangerous files are blocked by an application firewall this would limit the potential hazards a service like this could present if gone undetected.

Sorry for contradicting your contradiction but IMO this is an important point to be made. Having a good firewall in place can save your network.

Certainly I agree with all that has been said, we have a good firewall in place, and I was interested if this particular app could be blocked. I was thinking of just blocking the LoudPC addresses at the forward facing router. But they could change their IP's.

Any one have any info on how this app actually communicates - as I really don't have that much time to really invetisgate (to many other fires to put out)

Golam

Sounds just like PCanywhere. What you have to guard agenst here is an attack from the inside. This kind of program is can't be installed by accident (as would be the case with a trojen9(sp?)). The fact is this program can allow an employee to get information out of the comanies with out the knowledge of the mangement. I belive that this kind of program was used by a microsoft employee to steal some source code (could be wrong on that one). This kind of program if need should be given to fust anyone within the firm. And under no circamstances should it be installed with out the knowledge of the sys admin.

Quote:

---

That is a pretty bold statement on their part, specifically "does not expose any open ports on your PC (that could be used by hackers to access your PC)", how else can a users connected to it? Their a little over confident that it can't be broken...

---

What they mean by "LoudPC does not expose any open ports on your PC (that could be used by hackers to gain access to your PC); ". Is completey possible. How they do it is by making the port appear closed, unless the users sends a correctly formated request to the port. Then it is a case of sending the correct Authentifacation string to login, at which point the connection is made.

The trick is not to block it at all (as you should already only the port you need open on the fire wall), but to have it removed from every desktop, then lock every desktop down so it is not possible for a user to install anything with out the Admin password. Have a clear computer use policy stating that install unauthorized software is a sackable offence.

Finally install an IDS system, Im guessing some has proberly writen a sigature for detecting the traffic. then is anyone installs the program (by firstly breaking into there own desktop) the IDS system will flag the traffic and tell you where it is coming from.

hope that helps

SittingDuck