
Remote Desktop


Overview

Remote control of a computer over the Internet usually makes people think of hackers who take over control of a victim's system in order to perform further mischief. But you can also imagine more lawful applications of remote computer control like:

There are many so-called 'Remote Desktop' software packages which virtually connect your local screen and keyboard with a distant machine:

How it works

The controlling computer (client) displays a copy of the controlled computer's (server) screen. Usually the copy is updated whenever the server screen changes. The client also transmits its own keyboard and mouse events to the server, where the actions are carried out. The server then behaves as if the actions were performed locally.


Concerns


Remote Desktop Access

Very often the remote computer you want to control is located behind a router/firewall isolating a corporate or home network from the Internet. Normally such a computer can be addressed only by a local network address like 192.168.xxx.xxx, which is not routable over the Internet. Put another way, you cannot access it from outside.

If the local network is small and you can configure the router, you can set up port forwarding in order to pass connections from the router to a single computer in the network, for example:

Port forwarding is not perfect because one port number can be forwarded to only one computer in the network. Moreover, typical home and office networks use dynamic IP allocation (DHCP), which quickly makes the router's forward configuration obsolete.
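Both limitations can be checked mechanically. The following is an added example, not part of the original page: it audits a router's forward rules against the current DHCP leases and reports rules that collide on a port or that now point at a different host. The rule and lease tables are constructed sample data, and recording the intended host's MAC address with each rule is an assumption of this example.

```python
# Constructed sample data (not from the original page).
# Each rule: (external port, internal IP, MAC of the host the rule was made for).
FORWARDS = [
    (3389, "192.168.1.20", "aa:bb:cc:00:00:01"),
    (5900, "192.168.1.21", "aa:bb:cc:00:00:02"),
    (3389, "192.168.1.22", "aa:bb:cc:00:00:03"),
]
# Current DHCP leases: MAC -> IP address.
LEASES = {
    "aa:bb:cc:00:00:01": "192.168.1.20",
    "aa:bb:cc:00:00:02": "192.168.1.35",   # host moved to a new address
    "aa:bb:cc:00:00:04": "192.168.1.21",   # a different host took the old one
}

def audit_forwards(forwards, leases):
    """Return (port, kind, detail) findings for unusable or misdirected rules."""
    ip_to_mac = {ip: mac for mac, ip in leases.items()}
    seen_ports = {}
    findings = []
    for port, ip, intended_mac in forwards:
        # One external port can be forwarded to only one internal host.
        if port in seen_ports:
            findings.append((port, "conflict",
                             f"port already forwarded to {seen_ports[port]}"))
            continue
        seen_ports[port] = ip
        current_mac = ip_to_mac.get(ip)
        if current_mac is None:
            findings.append((port, "dead", f"{ip} has no active lease"))
        elif current_mac != intended_mac:
            # DHCP reassigned the address: the rule exposes another machine.
            findings.append((port, "stale",
                             f"{ip} now belongs to {current_mac}"))
    return findings

if __name__ == "__main__":
    for finding in audit_forwards(FORWARDS, LEASES):
        print(finding)
```

A "stale" finding is the case that matters most for security: the forwarded port is still open to the Internet, but it now leads to a machine that was never meant to be reachable.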


Remote Desktop and dynamic IP

Remote Desktop access is hampered by DHCP not only within the local network. When an Internet provider uses DHCP to assign public IP addresses to its clients, you can be sure that sooner or later the initial IP address you saved will change. Once that happens you are cut off from the remote machine until you find out the new address. This can be done only with direct access to the remote computer, which defeats the purpose of Remote Desktop.


Remote Desktop Security

Most of the Remote Desktop protocols were not designed with security in mind. Those that were contain serious flaws which disqualify them from unprotected use. For example:


Solution

Octopus Tunneling solves the issues mentioned above:


Octopus Tunneling

This section is also available as a separate article

Overview

Octopus Tunneling allows forwarding traffic from one tunnel to another.

The tunnels from which data is forwarded may belong to one user (identified by client ID and individual certificate) or to two different users. In order to avoid confusion we are going to call them peers.

Octopus Tunneling is not confined to one-to-one links. You can define as many peers as you want and in this way create a network of trusted devices and users who can see each other as if they were in the same local network. It has the following implications:

Needless to say, all data is encrypted and Octopus Tunneling inherits all the benefits of the regular SecurityKISS Tunnel.


How it works

This solution goes back to the roots and allows configuring a real VPN (Virtual Private Network) for a group of users.

Normally SecurityKISS Tunnel is used to create encrypted one-to-one links between clients and the server. On the server, the client's IP address is replaced and the data is decrypted and sent to its destination.



Figure 1. Regular SecurityKISS Tunneling

Although very useful, this distorts the original idea of a VPN, which is to allow clients to connect safely to each other and feel at home even if they are geographically dispersed.

Since SecurityKISS users generally do not know each other, we cannot permit such direct links by default. Instead we authorize individual users to request and approve forwarding between selected clients so that they have full control over who can be linked with them directly via Octopus Tunneling.



Figure 2. Octopus Tunneling - forwarding

In Figure 2, client 1 and client 3 become peers. Both peers must agree on forwarding. Only then is the link created.

Apart from securing the link between two or more peers, Octopus Tunneling has a critical advantage over alternatives. While many ways exist to set up a safe point-to-point connection between nodes with public IP addresses, Octopus Tunneling makes it possible at all when both peers are behind a NAT/firewall.



Figure 3. Two peers behind NAT/Firewall

In Figure 3, direct communication between peers is not possible because both peers are behind a NAT/firewall.

With Octopus Tunneling, firewalls are transparent because both underlying connections are initiated from the peers. There is no need to set up port forwarding or configure firewalls in any other way.



Figure 4. Forwarding with SecurityKISS goes through the NAT/Firewall
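The two properties described above, that the link exists only once both peers have agreed and that each peer reaches the server over a connection it opened itself, can be modelled in a few lines. This is an added example and not SecurityKISS code: the `Relay` class and its methods are hypothetical, `socket.socketpair()` stands in for a peer's outbound tunnel, and encryption is left out.

```python
import socket

class Relay:
    """Toy forwarding server: peers connect out to it, it never connects in."""

    def __init__(self):
        self.tunnels = {}        # client ID -> relay-side end of that tunnel
        self.approvals = set()   # (approver, other) pairs

    def connect(self, client_id):
        # Stand-in for an outbound connection initiated by the peer,
        # which a NAT/firewall lets through without any port forwarding.
        peer_end, relay_end = socket.socketpair()
        self.tunnels[client_id] = relay_end
        return peer_end

    def approve(self, client_id, other_id):
        self.approvals.add((client_id, other_id))

    def linked(self, a, b):
        # Forwarding requires consent from both sides.
        return (a, b) in self.approvals and (b, a) in self.approvals

    def forward(self, src, dst):
        """Read one pending message from src; deliver it only if linked."""
        data = self.tunnels[src].recv(4096)
        if dst not in self.tunnels or not self.linked(src, dst):
            return False         # dropped: no mutual agreement
        self.tunnels[dst].sendall(data)
        return True

def demo():
    relay = Relay()
    c1, c3 = relay.connect("client1"), relay.connect("client3")
    relay.approve("client1", "client3")      # request from one side only
    c1.sendall(b"hello")
    one_sided = relay.forward("client1", "client3")
    relay.approve("client3", "client1")      # the other peer accepts
    c1.sendall(b"hello again")
    mutual = relay.forward("client1", "client3")
    received = c3.recv(4096)
    for s in (c1, c3, *relay.tunnels.values()):
        s.close()
    return one_sided, mutual, received

if __name__ == "__main__":
    print(demo())
```

The first message is dropped at the relay because only one peer has approved the link; the second is delivered once the approval is mutual.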


Setup

The SecurityKISS solution is unique because, in contrast to others, it allows end users to decide who can join their network. SecurityKISS users become administrators of their own Virtual Private Networks.

The administration is straightforward - you only need to request or accept forwarding to a selected client ID on a selected server in the Client Panel.

SecurityKISS customers get access to the Client Panel along with the account activation email. Free users need to send an email request with their client ID to support@securitykiss.com in order to have a password generated.

Once you can log on to the Panel, see the Octopus Tunneling Forward Configuration Manual for details.