How can I search and find agents that have a connection to the Internet?



  • My boss has asked me to make sure nobody that isnt in IT has any remote desktop programs that connect to the cloud and bypass us directly. Examples of this would be Logmein, Pertino, and others.

    What would be the quickest way to search for these programs?



  • No simple answer. Most products like Pertino, are just going to an SSL site on 443. So to block that requires blocking all HTTPS.

    You need an advanced firewall to do this or good proxy.



  • @scottalanmiller said:

    No simple answer. Most products like Pertino, are just going to an SSL site on 443. So to block that requires blocking all HTTPS.

    You need an advanced firewall to do this or good proxy.

    We dont want to block them, we just want to find them if they exist.



  • That's even harder. Because how can you even define them? Pertino is just a website. LogMeIn is just a website. And those are big services. What about private relays like those that people have at home?

    It is an extremely difficult thing to do.



  • Websense can probably do this reporting with moderate accuracy.



  • I dont think its a big problem. None of our users have admin rights except IT. This includes the CEO and all the other Execs.



  • @IRJ said:

    I dont think its a big problem. None of our users have admin rights except IT. This includes the CEO and all the other Execs.

    If that is the case, physically ask the IT staff what they have installed.



  • @scottalanmiller said:

    @IRJ said:

    I dont think its a big problem. None of our users have admin rights except IT. This includes the CEO and all the other Execs.

    If that is the case, physically ask the IT staff what they have installed.

    I already talked to my boss about it. He talked with the Executives today and they had some security questions or concerns. LogmeIn was mentioned, but the main thing was getting a better web filter.



  • @scottalanmiller

    I was able to serach PDQ Inventory and find some instances of LogmeIn. They are looked to be IT related.



  • @IRJ said:

    @scottalanmiller

    I was able to serach PDQ Inventory and find some instances of LogmeIn. They are looked to be IT related.

    LogMeIn needs no local install nor admin privileges. How is PDQ searching for them?



  • @scottalanmiller said:

    @IRJ said:

    @scottalanmiller

    I was able to serach PDQ Inventory and find some instances of LogmeIn. They are looked to be IT related.

    LogMeIn needs no local install nor admin privileges. How is PDQ searching for them?

    Apparently an agent is installed



  • Untitled.png



  • @IRJ said:

    @scottalanmiller said:

    @IRJ said:

    @scottalanmiller

    I was able to serach PDQ Inventory and find some instances of LogmeIn. They are looked to be IT related.

    LogMeIn needs no local install nor admin privileges. How is PDQ searching for them?

    Apparently an agent is installed

    An agent can be optionally installed. I use it both ways. You have to be an admin to install it. So by making people not be admins, you've guaranteed that PDQ will only find it when admins have installed it, not when normal people are using it.



  • @scottalanmiller said:

    @IRJ said:

    @scottalanmiller said:

    @IRJ said:

    @scottalanmiller

    I was able to serach PDQ Inventory and find some instances of LogmeIn. They are looked to be IT related.

    LogMeIn needs no local install nor admin privileges. How is PDQ searching for them?

    Apparently an agent is installed

    An agent can be optionally installed. I use it both ways. You have to be an admin to install it. So by making people not be admins, you've guaranteed that PDQ will only find it when admins have installed it, not when normal people are using it.

    That makes sense. I never really used Logmein.



  • The agent is new too. Just a month old. There no agent option before that except for Ignition.



  • Hold the phone...

    Scott you could setup your computer at the office with Logmein while logged in as a non admin, then go home and still access it remotely? I've always had to preinstall an agent on the client I want to control before I could do this.



  • Remote controlling out is another story, If I have the client install at home, I can control my home computer from work simply by using the website nothing need be installed on my machine.



  • @Dashrender said:

    Hold the phone...

    Scott you could setup your computer at the office with Logmein while logged in as a non admin, then go home and still access it remotely? I've always had to preinstall an agent on the client I want to control before I could do this.

    No. There is no agent for the accessing side. There always has to be a root install to be the server machine.



  • @scottalanmiller said:

    @Dashrender said:

    Hold the phone...

    Scott you could setup your computer at the office with Logmein while logged in as a non admin, then go home and still access it remotely? I've always had to preinstall an agent on the client I want to control before I could do this.

    No. There is no agent for the accessing side. There always has to be a root install to be the server machine.

    I'm pretty sure that is what IRJ was saying



  • @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    Hold the phone...

    Scott you could setup your computer at the office with Logmein while logged in as a non admin, then go home and still access it remotely? I've always had to preinstall an agent on the client I want to control before I could do this.

    No. There is no agent for the accessing side. There always has to be a root install to be the server machine.

    I'm pretty sure that is what IRJ was saying

    Oh, I thought that he was looking for ways that things were reaching out - finding how people at work were reaching the Internet when they were not supposed to.



  • aww.. we read the question different ways. I read it as sharing their work to outside computers
    and you read it as
    reaching out to a computer somewhere on the internet and using that as a jumping point to the internet.

    OP?


Log in to reply