Installation manual
Chapter 6 Setting Up the Network and Maintaining Security
Quit the Remote Desktop application when you have finished using it. If you haven’t
stored the Remote Desktop password in your keychain, the application prompts you
to enter the administrator name and password when you open it again.
Physical Access Security
If you have stored the Remote Desktop password in your keychain, make sure the
keychain is secured and the application isn’t running while you’re away from the
Remote Desktop window.
If you want to leave the Remote Desktop application open but need to be away
from the computer, use a password-protected screen saver and select a hot corner
so you can instantly activate the screen saver.
Remote Desktop Authentication and Data Transport Encryption
Authentication to Apple Remote Desktop clients uses an authentication method
based on a Diffie-Hellman key agreement protocol that creates a shared 128-bit key.
This shared key is used to encrypt both the name and password using the Advanced
Encryption Standard (AES). The Diffie-Hellman key agreement protocol used in Remote
Desktop 3 is very similar to the one used in personal file sharing, with both of them
using a 512-bit prime for the shared key calculation.
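The key agreement described above, as an added example (not Apple's code and not part of the original manual): both sides run Diffie-Hellman over a 512-bit prime and reduce the shared secret to a 128-bit key. The generator value, the freshly generated prime, and the MD5-based key derivation are assumptions for illustration; the manual does not specify them.

```python
import hashlib
import secrets

PRIME_BITS = 512  # prime size stated in the manual
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test with trial division first."""
    if n < 2 or any(n % s == 0 for s in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # witness proves n composite
    return True

def generate_prime(bits=PRIME_BITS):
    """Random odd prime with the top bit set (constructed group, not Apple's)."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def keypair(p, g=2):
    """Private exponent and public value g^x mod p (g=2 is an assumption)."""
    private = secrets.randbelow(p - 3) + 2
    return private, pow(g, private, p)

def derive_key(peer_public, private, p):
    """Assumed KDF: MD5 of the fixed-width shared secret yields 16 bytes (128 bits)."""
    shared = pow(peer_public, private, p)
    return hashlib.md5(shared.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def exchange():
    p = generate_prime()
    client_priv, client_pub = keypair(p)      # client_pub travels client -> server
    server_priv, server_pub = keypair(p)      # server_pub travels server -> client
    return p, derive_key(server_pub, client_priv, p), derive_key(client_pub, server_priv, p)
```

The 128-bit AES key is only as strong as the 512-bit group it comes from, which is well below the 2048-bit minimum in current guidance, so the manual's VPN advice for public networks carries real weight.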
With Remote Desktop 3, keystrokes and mouse events are encrypted when you control
Mac OS X client computers. All tasks—except Control and Observe screen data and
files copied using Copy Items and Install Packages—are encrypted for transit (you can
encrypt these as well, by changing your application preferences). This information is
encrypted using the Advanced Encryption Standard (AES) with the 128-bit shared key
that was derived during authentication.
WARNING: If you’re using Apple Remote Desktop to manage computers over public
networks, consider using a virtual private network (VPN) solution to protect your
information.
Encrypting Observe and Control Network Data
Although Remote Desktop encrypts authentication information, keystrokes, and
management commands by default, you may want additional security. You can
choose to encrypt all network traffic, including Observe and Control traffic, at a certain
performance cost.