Community


Shared Secret

L B, User (Posts: 2)
Feb 04, 2014 5:23:49 am EST
Support level: Free or trial
Hi,

How is the "shared secret" feature supposed to work? Right now I set it on a host but I can still connect to the host with only the password entered in the viewer machine. Using Internet ID to connect, Windows 8 host, Windows 8.1 viewer.

Any input please?
Conrad Sallian, Support (Posts: 3074)
Feb 04, 2014 5:44:47 am EST

L B wrote:
Hi,

How is the "shared secret" feature supposed to work? Right now I set it on a host but I can still connect to the host with only the password entered in the viewer machine. Using Internet ID to connect, Windows 8 host, Windows 8.1 viewer.

Any input please?

Hello,

The purpose of shared secret is not to replace authorization. It's for checking the identity of the Host. That is, if you have shared secret enabled on your Host, but don't have it enabled in your Viewer (or rather a specific connection on your Viewer), you'll still be able to connect. But not the other way around - that is, if you have a shared secret field populated in your connection properties on the Viewer, but the Host has an empty field (or a different shared secret for that matter), you won't be able to connect.

So the identity check starts at the Viewer side. If the shared secret field in the connection properties in the Viewer is disabled, then no identity check takes place at all, regardless of the Host's shared secret field value. Because the program rightfully suggests that if you didn't enter anything in the connection properties shared secret field, you do not need identity check, and hence there's no reason for not allowing remote connection. But IF there is at least any value in the shared secret field in the connection properties in the Viewer, then the program MUST check it against Host's shared secret value.  
L B, User (Posts: 2)
Feb 04, 2014 9:02:54 am EST
Support level: Free or trial

Conrad Sallian wrote:

L B wrote:
Hi,

How is the "shared secret" feature supposed to work? Right now I set it on a host but I can still connect to the host with only the password entered in the viewer machine. Using Internet ID to connect, Windows 8 host, Windows 8.1 viewer.

Any input please?

Hello,

The purpose of shared secret is not to replace authorization. It's for checking the identity of the Host. That is, if you have shared secret enabled on your Host, but don't have it enabled in your Viewer (or rather a specific connection on your Viewer), you'll still be able to connect. But not the other way around - that is, if you have a shared secret field populated in your connection properties on the Viewer, but the Host has an empty field (or a different shared secret for that matter), you won't be able to connect.

So the identity check starts at the Viewer side. If the shared secret field in the connection properties in the Viewer is disabled, then no identity check takes place at all, regardless of the Host's shared secret field value. Because the program rightfully suggests that if you didn't enter anything in the connection properties shared secret field, you do not need identity check, and hence there's no reason for not allowing remote connection. But IF there is at least any value in the shared secret field in the connection properties in the Viewer, then the program MUST check it against Host's shared secret value.

Thanks for replay.

To me this feels it should be the other way instead. Why would I need to check identity of the Host, I already connect to it with an IP or ID so I don't see the benefits of it (but I might miss something here).

Instead if the Host would require the Viewer to know the shared secret, it would add an extra layer of security and I think that is the way what most people would expect it to work in.

What is the recommended setup to make a connection as secure as possible? Is it a long password and only allow certain ip addresses then?
Conrad Sallian, Support (Posts: 3074)
Feb 04, 2014 4:01:04 pm EST

To me this feels it should be the other way instead. Why would I need to check identity of the Host, I already connect to it with an IP or ID so I don't see the benefits of it (but I might miss something here).

This is to avoid situation when a different Host (patched by a hacker) is planted on a computer with the only purpose to find out your password when you try to connect to Host.

Instead if the Host would require the Viewer to know the shared secret, it would add an extra layer of security and I think that is the way what most people would expect it to work in.

That's what authorization is for. Authorization and identity check are two different things. Shared secret is not for making the connection more secure. It's for the Viewer to know that it is connecting to the Host it (the Viewer) thinks it is connecting to.

What is the recommended setup to make a connection as secure as possible? Is it a long password and only allow certain ip addresses then?

Long password and incoming IP filter (white list) is enough for good security. To ensure security on the Viewer side, never use the "save password" option.

Hope that helps.  

* Website time zone: America/New_York (UTC -5)