Installation manual
Administrator Application Security
Make use of user mode to limit what nonadministrator users can do with Remote Desktop. See “Apple Remote Desktop Nonadministrator Access” on page 74.
If you leave the Remote Desktop password in your keychain, be sure to lock your keychain when you’re not at your administrator computer.
Consider limiting user accounts to prevent the use of Remote Desktop. Either in a Managed Client for Mac OS X environment, or using the Accounts pane in System Preferences, you can make sure only the users you designate can use Remote Desktop.
Check to see if the administrator computer is currently being observed or controlled before launching Remote Desktop (and stop it if it is).
Remote Desktop prevents users from controlling a client with a copy of Remote Desktop already running on it at connection time, but doesn’t disconnect existing observe or control sessions to the administrator computer when being launched. Although this functionality is helpful if you want to interact with a remote LAN that’s behind a NAT gateway, it is possible to exploit this feature to secretly get information about the administrator, the administrator’s computer, and its associated client computers.
User Privileges and Permissions Security
To disable or limit an administrator’s access to an Apple Remote Desktop client, open System Preferences on the client computer and make changes to settings in the Remote Management pane in the Sharing pane of System Preferences. The changes take effect after the current Apple Remote Desktop session with the client computer ends.
Remember that Apple Remote Desktop keeps working on client computers as long as the session remains open, even if the password used to administer the computer is changed.
Don’t use a user name for an Apple Remote Desktop access name and password. Make “dummy” accounts specifically for Apple Remote Desktop password access and limit their GUI and remote login privileges.
Password Access Security
Never give the Remote Desktop password to anyone.
Never give the administrator name or password to anyone.
Use cryptographically sound passwords (no words found in a dictionary; eight characters or more, including letters, numbers and punctuation with no repeating patterns).
Regularly test your password files against dictionary attack to find weak passwords.
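A checker for the password rules listed above (minimum length, letters plus numbers plus punctuation, no dictionary word, no repeating pattern), added here as an example; it is not from Apple's guide. The word list is a constructed sample, and loading a full dictionary such as /usr/share/dict/words is left as an assumption.

```python
import string

# Constructed sample word list. A real audit would load a full dictionary
# (for example /usr/share/dict/words on a Mac); that is an assumption here.
DICTIONARY = {"password", "apple", "remote", "desktop", "admin", "secret", "letmein"}


def has_repeating_pattern(pw: str, min_repeats: int = 3) -> bool:
    """True if any chunk repeats back to back min_repeats or more times
    (for example 'aaa', 'ababab', '123123123')."""
    for size in range(1, len(pw) // min_repeats + 1):
        for start in range(0, len(pw) - size * min_repeats + 1):
            chunk = pw[start:start + size]
            if pw[start:start + size * min_repeats] == chunk * min_repeats:
                return True
    return False


def contains_dictionary_word(pw: str, min_len: int = 4) -> bool:
    """Case-insensitive substring match against the word list; very short
    words are skipped to avoid flagging every password."""
    lowered = pw.lower()
    return any(word in lowered for word in DICTIONARY if len(word) >= min_len)


def check_password(pw: str) -> list[str]:
    """Return a list of rule violations; an empty list means the password
    satisfies every rule from the guide."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    if has_repeating_pattern(pw):
        problems.append("contains a repeating pattern")
    return problems


if __name__ == "__main__":
    for candidate in ("Tx7#qvL2p!", "apple123", "abcabcabc!1", "Ab1!"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Running the file against a text file of candidate passwords, one per line, is a cheap first pass before a slower dictionary-attack test.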
84 Chapter 6 Setting Up the Network and Maintaining Security