Download a GoToMyPC free trial
GoToMyPC (owned by Citrix Online) uses an ASP model designed to ensure robust and secure operation while integrating seamlessly with a company’s existing network and security infrastructure.
GoToMyPC has a Secure Facility
All GoToMyPC Web, application, communication and database servers are hosted in a highly secured data center. Physical access to servers is restricted.The entire site sits in a locked cage that is monitored by cameras. Citrix Online’s network operations center (NOC) in Santa Barbara, California, is similarly protected with strict security measures.
GoToMyPC uses a Secure Network
Citrix Online’s access routers are configured to watch for denial of service (DoS) attacks and log-denied connections. Multi-layer perimeter security is provided by a pair of firewalls: one between the Internet and Web servers, another between the GoToMyPC broker and back-end databases.The security of this architecture has been independently confirmed by penetration tests and vulnerability assessments conducted by TruSecure Corporation. Citrix Online has achieved TruSecure SiteSecure Certification, an industry-recognized security assurance program that certifies all aspects of information security, ranging from network and system analysis and assessment to physical and policy evaluation. Quarterly perimeter tests ensure that Citrix Online continues to meet all SiteSecure Certification requirements.
GoToMyPC uses a Secure Platform
Citrix Online servers run on hardened Solaris 8 with the latest security patches installed.The entire service delivery platform is SunToneSM certified for quality and reliability. Servers have been penetration tested, and system logs are continuously audited for suspicious activity.
GoToMyPC provides Secure Administration
Citrix Online servers are administered over a private T1 linking the secure data center to Citrix Online’s NOC in Santa Barbara. Secure Shell (SSH) supports authenticated and encrypted remote log-in access by Citrix Online’s NOC staff. An intermediate server handles and authenticates all SSH connections, thereby avoiding open ports and ensuring very tight access control.
GoToMyPC uses Scalable and Reliable Infrastructure
The Citrix Online infrastructure is both robust and secure. Redundant routers, switches, server clusters and backup systems are used to ensure high availability. For scalability and reliability, switches transparently distribute incoming requests among Citrix Online Web servers. For optimal performance, the GoToMyPC broker load balances the client/server sessions across geographically distributed communication servers.
GoToMyPC Protects Customer Privacy
Citrix Online understands that all enterprises that outsource service delivery are concerned about privacy. Citrix Online has a strong privacy policy that prohibits unauthorized disclosure of personal or corporate information to any third party.
GoToMyPC has a Published Privacy Policy
Citrix Online’s published privacy policy is included in every GoToMyPC service agreement.This policy identifies the information gathered, how it is used, with whom it is shared and the customer’s ability to control the dissemination of information. Citrix Online is a TRUSTe licensee, adheres to established TRUSTe privacy principles and has agreed to comply with the TRUSTe oversight and consumer resolution process.
GoToMyPC ensures Traffic and Credential Privacy
Citrix Online’s enterprise solution, GoToMyPC Corporate, gives account administrators access to real-time and summary usage records associated with their companies’ accounts, but not to the traffic exchanged during individual remote-access sessions, nor to the access codes or other credentials required to launch a connection. In fact, although GoToMyPC communication servers relay traffic between the client browser and host computer, these packets are encrypted. Citrix Online cannot decipher this traffic because it does not possess the access code used to generate encryption keys. Even if a hacker were to gain access to Citrix Online’s servers, computer access codes are not stored there and individual session traffic is not recorded, so live-session traffic cannot be compromised.
GoToMyPC uses a Secure Management Interface
The Administration Center is accessible from any Web browser.To reduce unauthorized log-in attempts, the Administration Center URL is not published. Once an organization establishes a GoToMyPC Corporate account, the administrator is provided with access instructions.The GoToMyPC server is authenticated with an X.509 digital certificate.The administrator sub-authenticates by username/password.Thereafter, SSL with 128-bit RC4 encryption protects all management traffic from disclosure or modification in transit.
GoToMyPC is Compatible with Firewalls
GoToMyPC is firewall friendly. It generates only outgoing HTTP/TCP to ports 80, 443 and/or 8200. Because most firewalls are already configured to permit outgoing Web traffic, you do not have to bypass or compromise your corporate or branch office firewall or your remote worker’s firewall to implement secure remote access with GoToMyPC.
GoToMyPC Guards Computer Access
To be accessed remotely, your network computers must have the GoToMyPC software installed and running on them. Installing GoToMyPC requires physical access to the computer. It is not possible to remotely install GoToMyPC or use a Trojan to "plant" it on a computer. With GoToMyPC Corporate, administrators can even require pre-authorization of client and/or server systems after installation but prior to a connection. By individually fingerprinting each system’s hardware, GoToMyPC optionally gives the IT department fine-grained control over the specific computers that can be accessed and the location from which each computer can be accessed.
GoToMyPC Protects Your Confidential Data
GoToMyPC uses a highly compressed, encrypted stream to ensure data confidentiality without sacrificing performance. All traffic between the GoToMyPC browser client and host PC, including screen images, file transfers, copy/paste operations, keyboard/mouse input and chat text, is protected with end-to-end 128-bit AES encryption.
GoToMyPC uses Advanced Encryption
GoToMyPC uses 128-bit Advanced Encryption Standard (AES) in Cipher Feedback Mode (CFB). In early 2001, after an extensive four-year evaluation process, the National Institute of Standards and Technology (NIST) selected AES as a successor to DES. Originally known as Rijndael, AES was selected because of its computational efficiency, modest memory requirements, flexibility, simplicity and, of course, security. AES is now the U.S. government’s designated cipher for protecting sensitive information.
GoToMyPC uses Strong Encryption Keys
Even a strong cipher is vulnerable if it does not use strong, confidential encryption keys. GoToMyPC generates unique secret keys for each connection that are derived from the computer access code and a large, random bit sequence. The access code resides on the computer in encrypted format and is never transmitted to or stored on Citrix Online servers.Would-be hackers cannot intercept or generate the keys necessary to decode encrypted data.
GoToMyPC Protects Against Message Replay and Modification
Screen sharing and file-transfer packets include a sequence number to prevent an attempted message replay attack. These packets carry highly compressed binary data that are framed in a proprietary protocol and encrypted with AES. A hacker cannot modify these packets without corrupting them. Chat packets carry text, which is also encrypted with AES. Because it is possible to modify encrypted text without corrupting it, chat packets also carry a signed MD5 hash to ensure message integrity.
GoToMyPC also uses End-to-End Authentication, Long / Complex Passwords, Limited Number of Log-In Attempts, Multiple, Nested Passwords, defeats Man-in-the-Middle Attacks and provides OS-Level Access Control.
GoToMyPC uses inactivity Time-Outs
Users walk away from public PCs without logging out and leave home PCs unattended. GoToMyPC addresses these threats by applying inactivity time-outs. Users are automatically logged out of the GoToMyPC Web site if their SSL connection is inactive for several minutes. Users can also configure the Viewer to time out after a period of inactivity, subject to limits set by the administrator. Additionally, host security features allow users to blank the host screen and lock the host keyboard and mouse from accepting input.The most robust version of GoToMyPC Corporate enables administrators to require use of these security features - for example, setting a maximum time-out or preventing user modification.
GoToMyPC provides Detailed Connection Logs
The GoToMyPC broker logs additional information for each connection, including the last user access time, type of browser (user agent), download status for the viewer, communication server ID, who closed the connection (server/client/broker/time-out), a close error code and the build number of the computer.This information is intended to aid problem diagnosis; access is limited to Citrix Online customer support on an as-needed basis.
GoToMyPC uses Access Notifications
Whenever a client connects to a computer running GoToMyPC, a notice appears on the computer’s screen.This notification makes sure that the computer’s owner is always aware of the GoToMyPC connection, preventing a "lurker" from silently watching local desktop activity. Upon each browser client log in, the user is always notified of his or her last log-in attempt.This notification reassures the user that no unauthorized access has taken place during the interim. In addition, users can view their own connection histories, including the number of failed log-in attempts, to confirm that there has been no suspicious activity.
• This GoToMyPC Security Overview includes what I feel are GoToMyPC’s best security features and it includes most of them. However, if you would like to read more about the advanced security features of GoToMyPC, you can download the entire GoToMyPC Security pdf from their website.
