While practicing Tom’s nmap video on my own LAN to see what’s what, I noticed UltraVNC installed in my wife’s work laptop. I’m assuming their IT department put it there for remote management (though why not RDP, I don’t know).
Problem is, my wife is in HR and handles sensitive data all day.
Would someone be able to connect to her desktop remotely, without her being aware?
A little research shows that it’s possible by removing the icon. This has me concerned as the VNC icon is not directly visible on the toolbar, it’s tucked up inside the collapsing icons thingie. So if the only warning is a change in the icon, it would be very easy to miss.
I don’t have a Windows machine anywhere else to try things on, so some pointers on how to detect such a remote connection, settings to require user approval etc would be great.
EDIT: Found some settings to request approval and refuse in xx seconds in the admin settings. It was NOT set… Never trust your IT, folks, be your own IT
It will surely be harder if she MUST connect via a work VPN to access the internet, all data ought to be kept on servers and not locally. If she keeps local data and accesses the internet openly there is clearly a risk.
Legally, I suppose, follow company policy and only use a work laptop for work.
I know what you mean, however, you’re on shaky ground if it goes wrong, it can be grounds for dismissal, obviously depends on your contract but always best to follow company policy to the letter.
Being the HR Manager, she’s in a position to create a fuss and have it locked down
The problem is, being the Manager, she has access to payroll data and the rights to manipulate it - somebody being able to access her computer without her being aware of it is a MAJOR security flaw. I wouldn’t want to be the IT guy on Monday
Companies really don’t have any choice but to trust the people who do their IT to treat sensitive information properly. Whether internal or external the IT admins have to have access to those system to keep them working.
My company is an outside managed service provider as we have access to thousands of systems so we can admin them. We log all access from any of our techs in case their is every a question but without that access we can’t really do our jobs.
RDP can’t do everything, I’ve encountered a few times where I was trying to do something and the software said that I can’t do this over RDP. Switch to VNC and all’s good.
I think UltraVNC can use access permission in a different way than just a password to grant access, just because no password is set doesn’t mean you can get right in. A quick search suggested that ACL can be used to control a bunch of stuff.
But I agree it could be bad considering the data that could be grabbed. She should ask the IT department what’s up and maybe ask them to demonstrate how it is secured.
Never trust your IT, folks, be your own IT 
