Comodo EasyVPN
Desktop Control
To configure how you allow others to gain access to your desktop from their Remote Desktop connection, click Desktop Control from the left hand side pane. You can configure for the following, from the Desktop Control interface.
Allow users to remotely connect to this computer - EasyVPN allows other people in your network to gain access to your desktop, only if this checkbox is selected. If you do not want others to access your desktop, simply deselect this check box.
Important Note: To allow others to access your desktop, you must be logged on EasyVPN.
Overview
The Access Control policy area allows you to determine which users are allowed to remotely connect to your machine and to specify what level of authentication is required of those users before access is granted. The upper pane displays a list of users and/or groups of users whilst the lower pane displays access privilege controls. Different access rights can be specified to different users/groups. To configure the access rights for a particular user or group, simply select that user in the upper pane then configure their rights in the lower pane. Initially, the only group listed in the upper pane is the group ‘All Others’ with an access policy of ‘Allow Remote Access when I click accept’. This is a secure default policy and effectively means that no users can gain control of your desktop remotely without you manually accepting the connection by clicking ‘OK’. It also means that nobody (including yourself) can access your computer without you (or somebody else) being sat in front of it to agree to the connection. Many users will, however, want to take control of their work or home computers without somebody having to be sat at that computer to physically accept the connection (and for this ability to be granted to certain trusted users in their network). While such automatic remote control is very convenient it also presents a security concern. You don’t want just anybody to be able to connect to your computer – only the people you choose and you also want to be sure of that person’s identity when they attempt to connect. For this reason, Comodo EasyVPN allows you to set up secure ‘Desktop Control Policies’ – meaning that users are only allowed to automatically connect to your PC if they (i) Authenticate themselves by providing a password (ii) Are authenticated via an email (access) certificate on their machine (iii) Are two– factor authenticated with BOTH password and certificate.
The remainder of this section covers:
To add new users/new groups to grant access to your desktop
1. Click the 'Add' button. The 'Choose User' dialog will open.
The Choose User dialog displays all the groups / users in your contact list under 'Contact' tab and all the users in your network(s) under the 'Network' tab.
2. Select the user / group from the 'Contact' tab or the user(s) from the 'Network' tab and click Add. The selected user / group will be added to the Remote User Access List.
3. Repeat the procedure for adding more number of users / groups.
To remove a user / group from the Remote User Access List
1. Simply select the user / group and click 'Remove'.
To configure the authentication type for the user / group
1. Select the user / group in the Remote User Access List in the upper panel.
2. Select the Authentication type from the lower panel. The options are explained below.
i. Allow remote access when I click Accept - If the user requests to gain access to your desktop, you will be prompted to Accept or Decline the request. The user can gain the access only if you accept the request.
ii. Allow automatic remote access - If you want EasyVPN to automatically grant access to your desktop for the selected user, select this option. You have to specify the authentication parameters for automatic access to make sure that only the selected user is accessing your desktop. Select the authentication type from the drop-down menu.
- Password Only - Enables you to set a password for this particular user to access your desktop.
To set password type authenticationa) Select 'Password Only' from the dropdown menu.
b) Click 'Password' button. A 'Set password' dialog will appear.
c) Type a password in the New Password text box and retype the password in the Confirm Password text box.
d) Click 'OK'.
This password has to be communicated to the contact. Every time the remote user tries to access your desktop, the user will be prompted to enter this password. On the entry of the correct password, EasyVPN will allow the remote-user to access your desktop, without asking for your confirmation.
- Certification Only - Enables the use of digital certificates to authenticate the remote-user that is attempting to gain access your desktop. Every time the contact attempts to gain remote access to your desktop, EasyVPN will request their digital certificate from their machine. EasyVPN will then authenticate the validity of the certificate by checking that the remote-contact has the corresponding private key installed (a fast but very important process that involves the successful exchange of a token piece of digitally signed data). Once the certificate has been verified the user will be allowed to remotely connect to your machine. You specify which certificate will be requested for each specific user by clicking the 'Choose..' button and browsing to the certificate you wish to use.
Background Note: It is important to know that your contacts should already have a client / email certificate installed for certification based authentication to work. They should also have passed this certificate to you by sending you an email that has been digitally signed with the certificate.You can also obtain a free email certificate and install in your system to authenticate yourself to others. For more details on obtaining the free digital certificate, see Appendix 1 - Obtaining a Digital Certificate.
To set certification type authentication
a) Select 'Certification Only' from the drop-down menu.
b) Click 'Choose' button to select an access certificate.
c) Select an access certificate from the 'Select Certificate' dialog and click 'OK'.
- Password and Certification - Enables true two-factor authentication by requiring remote-users to authenticate themselves using both password and digital certificates. On selecting this option, you have to specify both a password to be used by the selected user and select an email (access) certificate as explained above.
iii. Turn off Desktop Control for this group / user - If you want to block this user / group from accessing your desktop, select this option.
3. Click 'OK' for your settings to take effect.
The Performance slider enables you to set the speed / quality of the Desktop Control sessions when you take control of other user's desktop. Higher the access speed, lower the graphical depth and the display quality and vice-versa.
Hot Key to terminate the Active Desktop Control Sessions
You can specify a hot key combination to stop the running Desktop Control sessions immediately, The default combination is Ctrl+ Alt + F10. You can change this combination as you desire.
To set a hot key combination
1. Click 'Capture' and enter the key combination in the text box.
2. Click 'Apply' for your settings to take effect.
Comodo EasyVPN User Guide | © 2010 Comodo Security Solutions Inc. | All Rights Reserved.