I am writing a column on Remote Access methods, concerns, and options.

Is Teamviewer, LogMeIn, VNC, and RDP 'good enough'??

Is using a remote laptop and a VPN with a password good enough?

Is there any need to authenticate the device or user that is logging into the network?

Is/are the process(es) that is/are available to the network critical enough to require a higher remote access security requirement than 'normal', or do we simply not care?

Thank you in advance for any and all replies!!! Much Appreciated

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change
www (dot) tsuonline.com
Control Design www (dot) controldesignmag.com
Manufacturing Automation www (dot) automationmag.com

 

> Is Teamviewer, LogMeIn, VNC, and RDP 'good enough'??

Generally, no. Certainly not direct VNC and RDP. Teamviewer and LogMeIn are perhaps a bit better. Leaving RDP open is asking for trouble. VNC is even worse; its record on security is pretty bad. Using port-forwarding in a router for known protocols is not considered good practice.

> Is using a remote laptop and a VPN with a password good enough?

Maybe. A combination of a VPN with RDP might be better than a direct connection to machine controllers. That way, at least the controller isn't directly tied to the Internet, and there's another layer of security. However, it requires a dedicated PC, which introduces a potential weak point, and might have to be shared by people needing remote access. VPN straight to the controller is what I see most of. VPN to RDP is second. I've yet to see Teamviewer or LogMeIn.

> Is there any need to authenticate the device or user that is
> logging into the network?

Definitely at least the user needs to be authenticated. Device would be nice, but it adds a layer of impracticality. VPN already requires a user. I have seen a two-factor authentication with a time-limited code to allow the user to log in to the VPN, which is away to do device authentication.

> Is/are the process(es) that is/are available to the network
> critical enough to require a higher remote access security
> requirement than 'normal', or do we simply not care?

There are absolutely some applications that are critical and should have more security. I like the two-factor authentication. I also like a site-initiation requirement, where the VPN is off unless a key is turned. The only downside on that one is the possibility that the key never gets turned to the off position.

I really hope that the security for remote login to nuclear power plants, power generation in general, petrochemical, etc. are at LEAST a VPN within a second requirement.

-James Ingraham
Sage Automation, Inc.

 

Thank you sir!! appreciate your feedback...

Cheers from: Jeremy Pollard, CET The Caring Canuckian!
Crisis, necessity, change