Home > Articles > Home & Office Computing > Microsoft Windows Desktop

This chapter is from the book

This chapter is from the book

Windows .NET Server Security HandbookWindows .NET Server Security Handbook

Learn More Buy

This chapter is from the book

This chapter is from the book

Windows .NET Server Security HandbookWindows .NET Server Security Handbook

Learn More Buy

Requirements for Remote Assistance

There are several requirements that are needed by both the Helper and the Novice in order for Remote Assistance to work. These requirements include the following:

  • The Helper and the Novice computers must both be running Windows XP

  • In order to receive an acceptance notice of the invitation, the Helper must be connected to the Internet

  • Depending on the Invitation delivery method, the Novice will need either Windows Messenger, a MAPI Email program, or a means of delivery for a file

  • If the Helper or Novice is behind a firewall, the firewall will need to be configured to allow Remote Assistance traffic via outbound TCP port 3398

  • Proper configuration of Remote Desktop properties must be set if remote control is required

  • A strong password is needed by the Helper to establish the initial connection to the Novice

Although the requirements are few, a connection can be difficult to create if either the Helper or Novice is part of a corporate network. End-users behind a corporate firewall may require help in setting up remote assistance. This is due to the level of security needed to ensure data integrity in the enterprise. If Remote Assistance is necessary and your users cannot establish a connection due to current firewall settings, you will need to make sure that the firewall allows port (3398 Outbound TCP) from the client in order to successfully establish a connection.

Using Remote Assistance

Once you meet all the requirements for Remote Assistance to be possible, it is time to make the connection. Because security is such an important issue when dealing with the remote control of a computer, the Remote Assistance program necessitates more than just a simple point and click approach to establishing the connection. There are several checkpoints along the way that give the Novice (owner) the option of preventing the connection from being made.

Sending the Invitation

The first step in setting up a Remote Assistance session is to send a call for help.

  • Click on Start > Help and Support, which will open a window similar to figure 4-1.

    Figure 4-1Figure 4-1: Windows XP Help and Support Center


    TIP

    The Help and Support Center is new to Windows XP. It is designed to help the user easily and quickly access the many different aspects of Help available in the Windows OS.

  • Click on the link on the upper left Invite a friend to connect to your computer with Remote Assistance

  • Select the type of Invitation you wish to use to send to the technician

    • Windows Messenger: To use this option the Helper and Novice must have the MSN Messenger installed and have an active and open connection between the two messengers

    • Email: To use this option, the Novice and Helper must have a MAPI based email program on their computers (Outlook Express, Outlook)

    • File: To use this option, the Novice and Helper must have a means of delivery for the invitation file that will be created

    Figure 4-2Figure 4-2: The Remote Assistance Invitation methods


File Invitation

  • Enter a name

    TIP

    You should never use your real name when sending a Invitation. A pseudonym adds an extra layer of protection in case your Invitation is hijacked. Providing your real identity will only help a hacker find your computer more quickly.

  • Choose the time limitation

    TIP

    For security reasons, it is important to choose a limited time length availability. The shortest you can tolerate (while balancing convenience) is the best.

    Figure 4-3Figure 4-3: Identity and Expiration options for Invitation


  • Enter a strong password (i.e. any word not found in a dictionary, greater that 6 characters, and includes upper case, lowercase, numerical, and one of the following: !@#$%^&*()) that will be required when the Remote Assistance connection is made. You will need to provide the password to the Helper via another means of communication.

    CAUTION

    Although you can disable the password option, it is not recommended. This is in case the Invitation ends up in the wrong person's hands. Without a strong password, the Novice computer could be easily breached.

    Figure 4-4Figure 4-4: Remote Assistance password options window


  • Click Save Invitation to store the Invitation file on your hard drive or network

Email Invitation

  • Enter a name and message to be included in the Invitation email

    Figure 4-5Figure 4-5: Remote Invitation Email Message


  • You will be asked by Microsoft Outlook to allow the Remote Assistance program to check if the entered email address is in your address book. Click Yes to pass this.

    TIP

    Because of the increase in popularity of Microsoft Outlook address book as a vector for computer viruses, Windows XP will verify that the Remote Assistance program is permitted to access the address book.

    Figure 4-6Figure 4-6: Microsoft Outlook Express's Warning Message


    Figure 4-7Figure 4-7: Microsoft Outlook alert dialog box

  • Click Send Invitation

Chat Invitation

  • Open Microsoft Messenger chat program

  • Click Tools > Ask for Remote Assistance and click on the user you want to send the Invitation.

    Figure 4-8Figure 4-8: Sending Invitation via MSN Messenger Service


  • If the user is not listed, select Other... and enter the email address of the helper

    Figure 4-9Figure 4-9: Entering messenger address for Invitation

  • Enter the email address of the user to invite and click OK

  • Enter a message and click the Invite button

    Figure 4-10Figure 4-10: Sending the Remote Invitation via chat


Tracking Invitations

When you send an invitation from the Help and Support Center, it is logged and stored on your computer. This is to provide a means for Windows XP to verify that any incoming Remote Assistance connection request is valid. Windows XP also keeps tabs on any unanswered Invitations in order to allow you the ability to Expire, Resend, Delete, or learn more about the Details of the Invitation.

To access this list, you need to perform the following steps:

  • Click Start > Help and Support > Invite a friend to connect to your computer with Remote Assistance > View Invitation Status

    Figure 4-11Figure 4-11: Viewing Remote Assistance invitation statuses


  • Select one of the Invitation Options

    • Details: This option provides you will all the information about the Invitation. It tells you how the Invitation was sent and to whom it was sent if applicable. It also provides you with the expiration time, open status, password status, and message included.

      Figure 4-12Figure 4-12: Remote Assistance Invitation Details


    • Expire: This will simply change the status of the Invitation to 'Expired'

    • Resend: In case the recipient never received the Invitation, or it was sent to the wrong location, this option allows you an easy way to recreate the Invitation

    • Delete: As you can guess, this allows you to delete the Invitation. You may get a warning if the Invitation is still in 'Open' status.

Accepting the Remote Assistance Call

The first stage of security in Remote Assistance is the acceptance stage of the request for help. The request can only come via a file or email message.

There are three main ways to receive an invitation. Each of these will be covered in the following pages.

  • Chat: When an invitation is sent via a Windows Messaging program, the requested party must be online. In addition, the party must accept the Invitation. Figure 4-13 illustrates the message that arrives bearing the invitation as a link. To accept, click the highlighted Accept link. This will send a message back to the initiating computer to start the Remote Assistance program.

    Figure 4-13Figure 4-13: Receiving Remote Assistance request


  • Email: When you receive an email message containing a Remote Assistance request, the actual request is included as an attachment. The attached file is the same file that would have been created if the requesting party choose to manually create a file and send it to the remote party. However, there is a message that is included by default with the email message that outlines some of the issues surrounding Remote Assistance. Included in the message is a personal message from the sender. Figure 14 provides and example of a real request for Remote Assistance sent via email.

    CAUTION

    As the initial instant message dialog warns, you should never give out password or credit card information via a chat program. This is because you never know who is on the other end, and your information could be easily 'sniffed', or captured as it passes on the Internet.

    • Open the e-mail

      Figure 4-14Figure 4-14:


      CAUTION

      The email Remote Assistance comes as an attachment that must be downloaded to the computer and executed. Unless you are sure the request is legitimate and are expecting it, you should be wary about using it. It could be a virus or Trojan in disguise.

      Figure 4-15Figure 4-15: Open Attachment Warning for Remote Assistance file


    • Upon execution of the Remote Assistance invitation, a dialog with the sender's information will be displayed. If there is no password option, the sender did not require a password in the request for help. Otherwise, enter the password and click Yes. This will start the initiation of the connection. This is the second stage of security that is built into Remote Assistance.

      CAUTION

      The Second line of security defense that Remote Assistance uses is authorization. The file and email method both can require a password to make the connection. The chat method indirectly requires authentication because the request is made from a Windows Messenger account that itself requires authentication.

      Figure 4-16Figure 4-16: Remote Assistance Helper side connection verification


      Figure 4-17Figure 4-17: Remote Assistance Helper connecting screen

    • File: Accepting the file method only requires that the remote party receives the Remote Assistance file and that they double click it. This will open the same window as Figure 4-17.

Using the Remote Assistance Connection

At this point in the connection process, two security checkpoints have been crossed. On the one hand, the explicit setup and delivery of the request acts as a security filter to limit the session time and permissions on the requesting computer. On the other hand, the password option adds further security.

The next security checkpoint is the required active approval of the Remote Assistance connection by the Novice. Finally, the most critical security checkpoint is that needed to gain full control of the Novice's computer. This checkpoint is similar to the third in that it also requires an active acceptance of a request from the helper before control of the computer is passed to the helper.

To start the Remote Assistance session:

  1. Helper: Start the session by clicking on the file or the link sent by the Novice

  2. Novice: Accept the Remote Assistance connection

    Figure 4-18Figure 4-18: Accepted Chat invitation on Novice computer

    Figure 4-19Figure 4-19: Accepted Remote Assistance file invitation on Novice computer


  3. Session is Initiated and Remote Assistance screen is loaded on helper's computer; connection is established

    Figure 4-20Figure 4-20: The Remote Assistance Window while waiting for authorization from Novice


  4. Helper and Novice: Communicate via chat program that is built into Remote Assistance program

    Figure 4-21Figure 4-21: Remote Assistance screen on helpers computer during session


    Figure 4-22Figure 4-22: Remote Assistance chat session (Left is helper screen /Right is Novice Screen)


  5. Helper: If the problem can not be solved without remote control, the helper can initiate a command to give the helper remote control of the Novice computer

  6. Novice: Accepts or declines the request for Remote Control

    Figure 4-23Figure 4-23: Remote Assistance remote control warning


    CAUTION

    Users should be educated to exercise extreme caution before giving someone else remote control over their computer.

  7. Helper: Close the Remote Assistance – Web Page Dialog window and proceed

    Figure 4-24Figure 4-24: Remote Assistance dialog popup informing helper of acceptance of control request

  8. Helper or Novice: When the Novice's problem has been solved, click the Disconnect button to end the session

    Figure 4-25Figure 4-25: Remote Assistance control ended alert

As you can see, the Remote Assistance program is fairly straightforward. The security considerations are well thought out and with the proper configuration will help maintain a secure connection.

The next segment offers pointers that will keep your Remote Assistance sessions secure.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020