[Patricia10]

As a non techie, I wonder if anyone can tell me if I'm being misled by my IT Manager.

He has stated that we must stop using Mikogo, as these kinds of desktop sharing programmes make it 'easy, for someone with the right tools' to access any files on our entire, company wide network' - even if the user themselves does not have this access.

He goes on to say that even if his event's log shows a connection with Mikogo for, say, 15 minutes, the external person could still have access and be surfing the network without this showing up on the IT Manager's activity logs (or anywhere else for that matter), so we could never know what was accessed and when, once a person is 'in the system' via a desktop sharing facility.

This seems odd when so many companies use Mikogo - or similar - and it would cause us many problems if we had to stop using it; but before I make any decisions I just want to check the information I've been given is accurate.

Many thanks in advance for any help.

Mel

Edited by Patricia10, 05 February 2012 - 10:43 AM.

[Advertisements]

I should have said, he reports into me. If I make the wrong decision it's me that takes the flack from the Board. Hence my need to check!

Edited by Patricia10, 05 February 2012 - 11:41 AM.

[Patricia10]

I should have said, he reports into me. If I make the wrong decision it's me that takes the flack from the Board. Hence my need to check!

Edited by Patricia10, 05 February 2012 - 11:41 AM.

[risingphoenix1985]

Hello Mel,

The short answer would be yes, it's possible.

Having said that, you would need to do a lot of work to do it and I seriously doubt your average hacker could be bothered to do it.

[risingphoenix1985]

If you would like me to explain a little more behind the theory on this, let me know.

[Patricia10]

I would be hugely grateful, as I'm sure I'm going to be subject to a great deal of criticism if I can't justify my decision to either carry on allowing people to use it, or stop people from using it. If I get it wrong I'm in big trouble!!.

It's this idea of being able to remain attached, accessing the system without any trace that has got me particularly worried.

Regards

Edited by Patricia10, 05 February 2012 - 11:59 AM.

[phillpower2]

Google the name and you will see for yourself that their biggest crime was trying to capitalise on the swine flu outbreak a while back some info for you @ http://www.mywot.com.../www.mikogo.com
What is the IT guy suggesting that you use instead?

[Patricia10]

He's not! That's the problem. He's suggesting all desktop sharing should be prevented because it allows people with IT knowledge to 'easily' acccess everything on our network; and remain connected to our system, without us being able to find out that someone's connected and from where. It would all look normal on his logs whilst someone was actually hacking into the system.

Regards

[risingphoenix1985]

Hello,

I understand completely.

First thing is to understand how the application in question works. It's quite simple in theory...

The application on your PC connects to a server provided by Mikogo and from there attendees can view what you are sharing.

There are a few scenarios you should consider...

1. A hacker on your network can see traffic inbound and outbound and could see that someone was using this software. They could then start to determine your network topology and discover the PC in question. From there, they can craft a simple exploit that could give the user access to your PC and your network. Once they have done this, (here comes the scary part) they can find out how the PC in question connects to the network and then engage in a practice known as privilege escalation a process where by the hacker starts of as a limited user and then through various means escalates the account to administrator.

2. A hacker on the attendees network can see that someone is having a meeting and that the traffic is going to a Mikogo server. They then have two options... The hacker could break in to the Mikogo server and follow the route back to your PC, craft an exploit and do the same as above. Or if the application gave your outbound IP then a hacker could try bypassing your buildings firewall and would be able to do anything on the network they liked.

3. Mikogo suffers an attack and details of users accounts were compromised. I don't think I need to explain what they could do then.

While I believe your IT Manager is correct in his assessment, I would point out that the same could be done with messenger applications such as MSN/Yahoo/Skype etc.

It's this idea of being able to remain attached, accessing the system without any trace that has got me particularly worried

It worries a lot of people and I'm sorry to say it's a very easy thing to do.

1. Find target
2. Scan target
3. Exploit target
4. Escalate permissions
5. Cover tracks

I won't go in to the details of the above, but there are free tools out there that can do this very easily.

If you have any questions on this let me know.

[phillpower2]

Correct me if I am wrong but shouldn`t this guy be more interested in securing your network not shutting it down.
You should be allowed to use the intended facility for your legitimate business activity without fear of a cyber crime attack and this IT manager should be ensuring this.
GTG is a not for profit community and the guidance we give is determined by our TOU (Terms of Use) whereby we cannot help issues that concern business interests, I can however suggest that you consider seeking the opinion of a local independent IT consultant or present the IT managers suggestion to the board and let him explain his reasons, good luck with it but remember you said it yourself you are a non techie so cannot make a concrete decision on this.