My work involves data collection from remote, inaccessible sites located around the world. I need highly reliable methods of remote control, so I make sure every PC is Intel vPro enabled. This lets me power down, reboot, and even reinstall the operating system remotely through vPro's internal HTTP web server on port 16992.
Remote PC control checklist:
- Intel vPro motherboard
- Certificates to control vPro (don’t rely on passwords for full PC control!)
- Clonezilla DVD in DVD drive
- Clonezilla HDD image on Blu-ray in drive or USB HDD / flash drive
- Hardware firewall (e.g. pfSense, m0n0wall), so the vPro ports are not exposed to the outside world.
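One way to confirm the last checklist item, as an added example that is not from the original post: run this from a machine outside the firewall against each site's public address. Port 16992 and RDP port 3389 are the ports named on this page; 16993 (vPro/AMT over TLS) and the SSH-only allow-list are assumptions about the setup.

```python
import socket
import sys

# 16992 and 3389 come from this page; 16993 (AMT over TLS) is an assumption.
MGMT_PORTS = {16992: "vPro/AMT HTTP", 16993: "vPro/AMT TLS", 3389: "RDP"}
ALLOWED = {22}  # assumption: SSH is the only service meant to face outside


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (refused) or 'filtered' (timeout/unreachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and unreachable hosts land here
        return "filtered"


def audit(host, ports=None, allowed=ALLOWED, timeout=2.0):
    """Probe management and allowed ports; return (states, exposed ports)."""
    ports = MGMT_PORTS if ports is None else ports
    targets = sorted(set(ports) | set(allowed))
    states = {p: probe(host, p, timeout) for p in targets}
    exposed = [p for p, s in states.items() if s == "open" and p not in allowed]
    return states, exposed


def report(host, states, exposed, names=MGMT_PORTS):
    """Format one host's result, flagging ports the firewall should block."""
    lines = [f"{host}:"]
    for port, state in states.items():
        flag = "  <-- EXPOSED" if port in exposed else ""
        label = names.get(port, "allowed")
        lines.append(f"  {port:>5} {label:<14} {state}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python audit.py <public-address> [<public-address> ...]
    rc = 0
    for h in sys.argv[1:]:
        states, exposed = audit(h)
        print(report(h, states, exposed))
        rc |= bool(exposed)
    sys.exit(rc)  # non-zero exit if any management port answered
```

A non-zero exit code makes the script usable from cron or a monitoring job, so a firewall rule change that reopens a management port is noticed.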
What about the actual remote control? One can use SSH port forwarding and RDP/XRDP, but what about those who want to use LogMeIn or the like? I had this discussion recently and here were my points:
Pros of LogMeIn, TeamViewer, GoToMyPC commercial services:
- I would say that commercial remote desktop services such as LogMeIn are typically more secure on a Windows PC than just leaving port 3389 open to the internet. (One can use a Cygwin OpenSSH server to SSH port forward to 3389, and/or use a pfSense hardware firewall.)
- LogMeIn has convenient apps for smartphones and works from a web browser (for open-source choices, see aFreeRDP and Guacamole).
Cons of LogMeIn, TeamViewer, GoToMyPC commercial services:
The downsides of LogMeIn-type commercial services have philosophical and practical aspects.
- Commercial services typically use proprietary (non-open-source) technologies for the central server and/or for securing the connection. (Open-source choices perhaps use the same technology, but it is open to security reviewers world-wide.)
- The convenience of commercial services (a centralized server making the connections) is seen by some as a weakness (the provider could have unknown hackers as employees, could shut down its server, raise prices, etc.).
With open-source software, I can also access my PCs with a “single click” from a phone or laptop, without having a 3rd party server involved, and with all free open-source software that I trust. I can do so from a web page without plugins (see Guacamole). The key point is that I don’t have a commercial 3rd party whom I have to trust and pay.
Some customers do not allow 3rd party remote control software to be used, and so I have become proficient at using open-source solutions for remote control of many systems.