An article explaining remote control security and remote control software in detail (a side-by-side test of ToDesk, AnyDesk and Sunflower)

1. Security issues of remote control

The security of remote control is a well-worn topic. As someone who works remotely all year round, I just want to say that no matter what software you use, there will be security risks. It cannot be 100% safe, but it is relatively safe and we can still keep it under our own control.


First, what is remote control?

Remote control means that an administrator connects over a computer network (by dial-up, or with both parties online) to the computer to be controlled, displays that computer's desktop environment on their own machine, and uses the local computer to configure the remote one, install software, make modifications and do other work. In other words, a local computer controls a remote computer through the network. This is no longer limited to computers: mobile phones, tablets and other devices can also do remote control once remote control software has been downloaded.

Second, is remote control safe?

First of all, remote control requires the consent of the controlled user, so there is no so-called "safe or not" question. Secondly, legitimate remote assistance is safe, because its functions are based on the VNC protocol and virus files are not transmitted through remote assistance. In addition, because the remote party is usually a relative or friend you trust, you don't have to worry too much about privacy.
However, if it is used by criminals, information can be stolen, for example through illegal remote control that steals data from users' computers by implanting viruses, Trojans and the like. Therefore, when using remote control, you must choose legitimate remote control software to avoid threats to your equipment and personal privacy.

Third, what are the common security issues in remote control?

Security threats that occur during remote control can generally be divided into two categories.
The first is voluntary behavior carried out under someone else's manipulation. As emphasized earlier, "remote control requires the consent of the controlled user". If you click and agree, it is not a technical issue; what is needed is stronger security awareness: do not listen, do not believe, do not transfer money. Similar behaviors include accidentally leaking passwords when sharing information, turning on screen sharing because you trusted a stranger, and clicking on unknown links or malware.

The second is external/technical factors, which occur very rarely but are possible, such as unstable and unsafe network environments, or lax controls and vulnerabilities when using third-party communication or collaboration tools and calling other business APIs. Most of these problems have been effectively controlled as technology and security supervision have developed.

Finally, how to achieve relative safety during remote control?

It's very simple: choose legitimate, highly secure software, configure its security settings, and grasp the key points of remote security. Below, I use three popular remote control tools, ToDesk, AnyDesk and Sunflower, as the practical basis for a comprehensive security evaluation. I believe you will have the answer after reading this.

2. Selection of remote control software

(1) ToDesk

ToDesk is a multi-functional, all-platform secure remote collaboration tool that supports cross-platform operation on Windows, Linux, Mac, Android and iOS. ToDesk supports remote connection in any network environment, offers a free device list of 100 devices, and supports more than ten free functions such as remote power on and off, file transfer, clipboard, remote camera, and privacy screen/extended screen/mirror screen. For design and technical users with relatively high image quality requirements, it offers high-performance packages including global network nodes, game controllers, 4:4:4 true color, digital tablets and multi-screen operation, which cover more usage needs.

PC client remote security settings:

Login: the ToDesk desktop client provides five login methods (mobile number, SMS verification code, email, WeChat and app), which is very convenient. What I use most is scanning the QR code with the app. If you check "Automatically log in next time", the same account stays logged in the next time you open ToDesk, and there is no need to scan the QR code again.

Log out: click the avatar to log out with one click. After logging out, no connection can be initiated. If you log out after work, you don't have to worry about others connecting at will.

For comprehensive security settings, the ToDesk client provides many layers of defense. For example, for security verification when the local machine is controlled, you can choose a lock screen password or manual consent. There are two password verification methods, temporary password and security password. The security password is fixed, and precisely because it is fixed it has to meet several requirements: at least 8 characters, upper- and lower-case letters, special characters and digits. The strict password logic is really reassuring.

There is also a temporary password update frequency. ToDesk can update it every hour or after every remote session. The higher the update frequency, the higher the security. If you need to send remote invitations to external parties, it is recommended to set it to high-frequency update.

Privacy settings such as automatically locking the machine and automatically locking the screen are common methods and need no explanation. Blacklists and whitelists are also a permission setting for specific devices. But here I want to talk about ToDesk's privacy screen setting. I use this feature every time I work remotely, and a custom privacy screen was released recently. It's quite interesting and I want to share it with you.

Log in to the ToDesk official website and enter the personal center. Under software customization, select Privacy Screen Customization. As an example, I picked a wallpaper of the Moutai "sauce-aroma" latte that has become popular recently.

Doesn't the privacy screen, once turned on remotely, have a strong Moutai sauce aroma?!
Of course, you can change it to any wallpaper you want. This feature is currently only available in the Professional version and above.

If you don't want to go out of your way to download the full client, consider ToDesk Lite. In my own test the whole process, from opening to using it, took less than 30 seconds. It has a very simple interface, and the local machine can only act as the controlled device. You copy the device code and send it to the party who will provide remote support. You can easily uninstall it when it is no longer needed, so that no trace of data is left. It is small, fast and highly secure.

If you have other security questions, go to the help center on the ToDesk official website, where you will find detailed answers and step-by-step instructions.

Mobile remote security settings:

At present, my Android phone runs the latest ToDesk version, 4.7.0.9. Open the device list, then tap the three dots in the upper right corner to view detailed remote connection records. With these records, you can trace the source of a connected device and detect whether an unfamiliar device has connected.

On the [Connect] menu page, the "recently connected" devices are also displayed. If you tap a device directly, the device number and temporary password are entered automatically, which makes connecting instant. If the password is not fixed, you will have to re-enter it.

On the mobile client itself, the updated version has a redesigned layout: the menu bar sits collapsed at the bottom, and you swipe it upward to expand it when needed.

Within the security settings, locking the computer, muting sound, disabling the controlled side's keyboard and mouse, and enabling the privacy screen can all be applied to the controlled device from the mobile client.

In addition, the [Settings] menu page offers login device management and account logout under the security center. You can manage the set of devices you use and keep your personal account secure.

In terms of security prompts, ToDesk prompts you before permissions are granted. Android phones need 4 permissions to be enabled. The process of granting them is relatively involved, and the user is prompted step by step: what are you enabling, and what will the impact be? If you want to turn them on after learning about these features, make sure you trust the device.

When it comes to protecting financial accounts, ToDesk has a dedicated privacy trigger mechanism. Take a controlled Android device as an example: if the controlled person opens a financial account or enters a password during the remote session, the controlling side may see a black or blurred screen. In practice, when I opened the Cloud QuickPass security verification, the screen had already gone black, and there was an anti-fraud reminder after exiting. Remote fraud prevention is everyone's responsibility.

The actual operation is shown in the figure below:

Insert image description here

On the controlled end, ToDesk provides an instant-disconnect security control. This floating button can only be collapsed, not closed, which means that both the controlling and the controlled side can end the remote session at any time. It is a convenient and safe setting!

(2) AnyDesk

AnyDesk, from Germany, was founded in 2014. It is the world's leading remote desktop software provider. It supports multiple languages and features high frame rates, low latency and efficient bandwidth usage, with 200 million sessions per month. The video codec DeskRT is the technical foundation of AnyDesk, so latency on the local network can be kept below 16 ms.

PC client remote security settings:

In the AnyDesk desktop client you can enter the remote desk code in the connection box, or save frequently used devices and click options such as connect, invite and transfer files. These are the more commonly used functions.

In actual testing, AnyDesk uses password-less remote connection. For PC-to-PC control, the controlled side has to click Accept before remote control starts. To remotely control an iPhone from Windows, someone on the iPhone has to click Accept and start the screen broadcast. When an iPhone controls a Windows PC, someone has to be at the controlled PC to click Accept in the dialog box before remote control is enabled. In short, the device and a person must be present at the same time. Although this guarantees human consent, it is not particularly convenient for remote use anytime and anywhere.
The client's session permission profiles provide four options: Default, Screen Sharing, Full Access and Unattended Access. In each of them, specific functions have to be switched on individually.

For example, the Full Access profile can switch on use of mouse and keyboard, file manager, clipboard, hearing sound, recording, whiteboard, enabling privacy mode, and so on. Click [More] and richer permissions appear, as shown below:

Insert image description here
Even the information of the controlled device is fully displayed, including the permitted functions and the other side's operating system, graphics card, monitor, display resolution, IP address, gateway, server and other information. Everything can be seen at a glance, and the information is transparent.

Click [Security] in the global settings to make more detailed security settings, including whether to allow interactive connections, whether to open/delete access data, enabling two-factor authentication, printing files, synchronizing the clipboard, etc.

The permission profile synchronization session interface will not be discussed here.

Automatic updates are on by default, and there is a timeout setting for automatically disconnecting the session. You can also set whether the device is shown as online, which determines whether other AnyDesk clients on the local network can find it during discovery.

The security settings worth noting here are the unattended access password and two-factor authentication.

According to the official website, AnyDesk uses the standardized TLS 1.2 protocol, RSA 2048 asymmetric key exchange, 256-bit AES transport encryption, salted password hashing and other advanced cryptographic measures, which are presumably reflected in these two security settings.

In practice, although there is no prompt, the password requirements are the same as those for the ToDesk security password (fixed password) above.

After turning on two-factor authentication, AnyDesk pops up a QR code used to generate the codes. You need to scan the QR code with an application called FreeOTP, which then produces the code. Enter the verification code to "enable authentication".

This is suitable for when the unattended access password has leaked but cannot be changed at short notice. You can use two-factor authentication to improve the security of the device.

Mobile remote security settings:

I found that the mobile version of foreign software is very simple. As for the [Security] and [Privacy] settings, the security menu keeps some of the desktop client's security settings, including remote default options, discovery and automatic disconnection, while the privacy menu is simpler and only offers editing of the avatar and desktop wallpaper.

Personally, I feel that AnyDesk's advanced security settings are mainly found in the enterprise version, which can be hosted on a local server and has more customization options and efficient IT management rights. In terms of pricing, it costs at least 168 Hong Kong dollars/month, which is equivalent to RMB 168/month, billed once a year.

Since most foreign software is sold through domestic agents, it is difficult to find someone when you have a problem, and the problem cannot be solved in time. Moreover, some state-owned enterprises, government agencies and other organizations have strict restrictions on foreign remote software. Readers who work in the public sector are advised to use domestic remote control software first.

(3) Sunflower

Sunflower Remote is an early remote control brand in China, from the well-known company Bei Rui, which initially provided domain name services. Sunflower Remote Control was officially released in 2009. It supports multiple systems, including Windows, Mac and Linux, ensuring a stable and efficient remote connection experience.

PC client remote security settings:

Sunflower can export data from its logs and history. The new version can check for updates on its own and also supports locking client operations.

Sunflower's security menu focuses on the security verification method, security certificate, power-on password, privacy settings, domain-name access and security settings. The difference is that Sunflower does not have as many update frequency options as ToDesk. At the same time, it adopts a two-step verification method similar to AnyDesk's: after setting the local login password or access password, you can also add an option that forces the controlling side to enter a verification code and obtain consent on the local machine. In other words, there is an additional manual consent step on top of password verification.

In addition, Sunflower can disable clipboard text synchronization and file transfer, and restrict access to specified folders. Compared with other sharing features, these have their own separate permissions. Sometimes I am slow to realize this and wonder why I cannot copy something.

There's not much else to say. RDP and CMD require payment, and even the camera is a paid feature.

Just last week, I used Sunflower and I thought it was fine. However, it often crashed several times in one day, suddenly disconnected, and I couldn't log in. But today it's still...!!!
That is tolerable, since it is a technical bug; what is frightening is suddenly being controlled for no apparent reason!!! My colleague next to me has encountered it. After searching, I found that other people have had this happen too. In this case, I am a bit worried about safety.

Mobile remote security settings:

The remote interface of the Sunflower mobile client consists basically of remote operation buttons. Locking the desktop barely counts as a security feature. The settings include controlled-session records, access blocking and system permission management, and the system permissions are simply the phone system's own settings. Generally speaking, there are not many security settings.

Then you will find that there are actually many places that require paid upgrades. However, there is no charge for online and offline reminders in the PC client. Why do you have to pay for them in the mobile version???? I don't understand…

3. Key Points of Remote Security

Remote security is always under control, and remote fraud prevention is everyone’s responsibility! To summarize the five key points about remote security:
First, you must download genuine remote control software from official sources to avoid software that is bundled with advertisements or has been tampered with.
For example, after searching on Baidu, first determine whether the result is the official website. The official website will have a corresponding domain name in the form www.xxx.com, such as https://www.todesk.com/ , rather than being a download from some third-party platform.
Second, do not accept remote invitations from strangers or enable remote screen sharing easily, and do not easily share the remote invitation information of your device with others.
Third, after receiving third-party remote support, individuals should change the verification code or password in a timely manner and develop the habit of frequently changing remote control passwords.
Fourth, companies should choose a safe and controllable enterprise version of remote control software and take dedicated remote deployment and management measures. This point is mainly aimed at enterprise users with strong, rigid daily remote needs.
Fifth, using a privacy screen can well protect privacy and security during remote processes; if there is no need for remote control, remember to turn off the personal computer and disconnect from the network.
There are many precautions and key links regarding remote control security. You can share your experience in the comment area.
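The first key point (check that a download link really belongs to the official domain) can be automated. The sketch below is an added example, not part of the original article; the only official domain it trusts is todesk.com, the one the article names, and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Only the domain the article names as official; add others after verifying them yourself.
OFFICIAL_DOMAINS = {"todesk.com"}

def check_download_url(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a candidate download link from a search result."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and lower-cases the name
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    # Look-alike characters and punycode labels need a human decision
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalized host, verify by hand"
    for domain in official:
        # Exact match or a true subdomain; a bare suffix test would accept "nottodesk.com"
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not an official domain"

# Constructed sample links; the .example hosts are reserved names, not real sites.
SAMPLES = [
    "https://www.todesk.com/download.html",
    "https://WWW.TODESK.COM./",
    "http://www.todesk.com/",
    "https://www.todesk.com.downloads.example/setup.exe",
    "https://www.todesk.com@mirror.example/setup.exe",
    "https://nottodesk.com/",
    "https://www.t\u043edesk.com/",   # Cyrillic "o" in place of the Latin letter
]

def triage(urls=SAMPLES):
    """Check every link and return (url, ok, reason) tuples."""
    return [(u, *check_download_url(u)) for u in urls]

if __name__ == "__main__":
    for url, ok, reason in triage():
        print("OK  " if ok else "STOP", url.encode("ascii", "backslashreplace").decode(), "-", reason)
```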

4. Summary

The original intention of this article is to help everyone understand safe remote control correctly. It is not about giving up remote control altogether because of its risks, but about how to avoid possible security threats, take precautions, and understand what truly safe remote control is. This article analyzed the security settings of three remote control tools. I think their security ranks as follows: AnyDesk > ToDesk > Sunflower.

AnyDesk's security settings are the most comprehensive, but frequent crashes occurred during the actual test. Once that is optimized, there is no problem in terms of security. The trouble is that two-factor verification requires FreeOTP to scan the code, the price of foreign software is too high, and getting timely help is inconvenient. ToDesk's security is relatively high, and it has one of the best reputations among domestic remote control software. I am very satisfied with the custom privacy screen, privacy trigger mechanism, security reminders, etc. In terms of security, Sunflower adds two-step verification, clipboard restrictions, user logs, etc. Its security is said to be not bad, but in practice it crashes very frequently, which delays things, and the user experience is not very good.

In short, in terms of functions, stability, cost performance and, most importantly, security, ToDesk leaves the stronger impression on me and is more suitable for daily use.


Origin blog.csdn.net/qq_44273429/article/details/132975117