ing secure user-to-computer access. With screen sharing and sufficient bandwidth, users can have exactly the same desktop environment, whether working at the office, at home or on the road.

On the client side, even the most basic PC, Mac®, Unix workstation or Windows-based mobile device can be used as a remote monitor, keyboard and mouse. Because it requires just a browser, GoToMyPC can even run on public computers. On the host side, the user’s existing Mac® or PC does all the heavy lifting – providing CPU, memory, disk and applications.

GoToMyPC is an end-to-end solution, designed to avoid any complications with your workplace network. Travelers working at a customer or business partner office, staying in a hotel with broadband Internet access or using a public computer often find these environments hostile to IPsec clients, but not GoToMyPC. Its protocol design is compatible with dynamic and static IP addresses, network and port address translation (NAT/PAT) and firewalls that block incoming sessions. GoToMyPC integrates with an organization’s existing network and security infrastructure to lower total cost of implementation in a manner that allows the network owner to retain complete control over remote-access users and services.

Keep it secure

GoToMyPC can be used at your workplace. Some workers use products that get around LAN security by dialing directly into office computers. GoToMyPC eliminates this temptation by using the Internet. With GoToMyPC, there is no need to punch holes through corporate firewalls. All connections are initiated by the client and host and use outgoing TCP ports frequently left open: 80, 443 and/or 8200. GoToMyPC encapsulates all traffic – even encrypted packets carrying proprietary protocol – inside standard HTTP wrappers, ensuring compatibility with firewalls that inspect payload. IPsec – even SSL-based VPN services – usually require firewall adjustments. Instead, GoToMyPC adjusts itself to the firewall. However, enterprises that want firewall control over GoToMyPC can do so very easily, using a single IP-level filter to block traffic to Citrix Online’s broker. Upon request, Citrix Online will also filter GoToMyPC connections made to a company’s network address block, ensuring that only company-authorized computers can be accessed by company-authorized users.

GoToMyPC uses multiple, nested passwords to keep outsiders away. The broker authenticates itself with a digital certificate. Clients authenticate themselves by user name/password, exchanged over SSL, with a “three strikes” rule (account disabled for a user-designated number of minutes after a user-designated number of failed log-in attempts). When hosts register with the broker, each is assigned a unique random number. Hosts authenticate themselves by signing their number with MD5 and user name/password. Thereafter, the broker and hosts exchange MD5 challenge/response messages based on a sequence known only to the pair.

For added privacy, whenever a client connects to a host, they also authenticate each other, using a shared secret known only to the end user and the accessed computer. Each end point generates a large random number and digitally signs that number with the computer’s access code. This exchange also forms the basis for generating 128-bit session keys used to encrypt data. For an additional level of security, One-Time Passwords can be used to thwart keystroke capture attacks by making secret-stealing pointless.
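
The client-to-host mutual authentication described above can be sketched as a nonce exchange keyed by the shared access code. This is an added example, not Citrix Online's code or GoToMyPC's actual wire protocol: the function names, HMAC-SHA256, the 32-byte nonces and the key-derivation step are all assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # "large random number" size; an assumption, the page gives none


def proof(access_code: bytes, role: bytes, own: bytes, peer: bytes) -> bytes:
    # Keyed MAC over both nonces. The role label keeps a proof from being
    # reflected back to the side that issued the challenge.
    return hmac.new(access_code, role + own + peer, hashlib.sha256).digest()


def session_key(access_code: bytes, c_nonce: bytes, h_nonce: bytes) -> bytes:
    # 128-bit key bound to both nonces, so every session gets a fresh key.
    mac = hmac.new(access_code, b"session" + c_nonce + h_nonce, hashlib.sha256)
    return mac.digest()[:16]


def handshake(client_code: bytes, host_code: bytes):
    """Simulate both end points; return (client_key, host_key)."""
    c_nonce = secrets.token_bytes(NONCE_LEN)   # client -> host
    h_nonce = secrets.token_bytes(NONCE_LEN)   # host -> client
    h_proof = proof(host_code, b"host", h_nonce, c_nonce)        # host -> client

    # Client side: recompute the host's proof with the code the user typed.
    expected = proof(client_code, b"host", h_nonce, c_nonce)
    if not hmac.compare_digest(h_proof, expected):
        raise PermissionError("host did not prove knowledge of the access code")
    c_proof = proof(client_code, b"client", c_nonce, h_nonce)    # client -> host

    # Host side: same check in the other direction.
    expected = proof(host_code, b"client", c_nonce, h_nonce)
    if not hmac.compare_digest(c_proof, expected):
        raise PermissionError("client did not prove knowledge of the access code")

    return (session_key(client_code, c_nonce, h_nonce),
            session_key(host_code, c_nonce, h_nonce))


if __name__ == "__main__":
    # Constructed access code, for illustration only.
    ck, hk = handshake(b"constructed-access-code", b"constructed-access-code")
    print("keys match:", ck == hk, "| key bits:", len(ck) * 8)
```

Because an access code is low-entropy, anyone who records these messages can test guesses against them offline. A password-authenticated key exchange avoids that; this sketch only shows the nonce-and-proof pattern.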
