GoToMyPC protects data confidentiality with a highly compressed, encrypted stream, without sacrificing performance. GoToMyPC implements 128-bit Advanced Encryption Standard (AES). AES was selected due to its computational efficiency, flexibility, simplicity and security; it is the U.S. government’s designated cipher for protecting sensitive information.
Screen sharing and file-transfer packets include a sequence number to prevent message-replay attacks. These packets carry highly compressed binary data that are framed in a proprietary protocol and encrypted with AES. A hacker cannot modify these packets without corrupting them. Any third party attempting to inject or replay packets would have to know both the session key and the current state of the AES engine. Lack of clear text makes it exceedingly difficult to “guess” the encryption key through traffic analysis. And of course, each key is good for just one session.
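The receiver-side checks that a sequence-numbered, per-session-keyed packet stream relies on can be sketched as follows. This is an added example, not GoToMyPC's proprietary protocol: the frame layout, the `seal`/`Receiver` names and the use of HMAC-SHA256 as the integrity check are assumptions, and AES encryption of the payload is left out so the code runs with the Python standard library alone. It assumes in-order delivery.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Hypothetical frame: 8-byte big-endian sequence number | payload | tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts each sequence number at most once, in increasing order."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # nothing accepted yet in this session

    def accept(self, packet: bytes):
        """Return the payload, or None if the packet is modified, forged or replayed."""
        if len(packet) < 8 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit, or sealed under another session's key
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return None  # replayed or stale packet
        self.last_seq = seq  # state advances only for packets that passed both checks
        return body[8:]


def demo():
    key = b"\x01" * 32  # constructed session key
    rx = Receiver(key)
    p0 = seal(key, 0, b"screen-update-0")  # constructed payloads
    p1 = seal(key, 1, b"screen-update-1")
    tampered = bytearray(seal(key, 2, b"file-chunk"))
    tampered[10] ^= 0x01  # flip one payload bit
    return [rx.accept(p0), rx.accept(p1), rx.accept(p0),
            rx.accept(bytes(tampered)), Receiver(b"\x02" * 32).accept(p0)]


if __name__ == "__main__":
    print(demo())
```

The tag is verified before the sequence number is trusted, so a rejected packet never advances the receiver's state.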
One of the advantages of providing remote access through screen sharing is the ability to leverage the access controls already in place on the corporate LAN. For example, when GoToMyPC connects, the remote user must enter a Windows login and password to access the computer and be granted file, host and domain-level permissions associated with his or her account. In other words, the remote user does not have tunneled access to the enterprise network – he or she only has access to a single computer’s desktop, and is subject to access controls already in place for that desktop. Host screen blanking and host keyboard/mouse input blocking increase the physical security of the computer being accessed.
It’s also important that remote-access sessions be terminated after inactivity. Remote users walk away from public computers without logging out and leave home computers unattended. GoToMyPC uses inactivity time-outs to help mitigate these threats. Users are automatically logged out of the GoToMyPC.com Web site when their SSL session remains inactive for 15 minutes. In addition, users can configure the Viewer to time out after a period of inactivity. Although most security features are pre-configured, users can activate additional features such as local computer keyboard/screen lockout during remote access.