Maintaining security – Apple Remote Desktop 2.2 User Manual
Page 50
50
Chapter 2
Setting Up
•
Consider using switches instead of hubs.
•
If you are going through routers, ensure that you have a high Maximum Transmission
Unit (MTU) setting (typically 1200 or higher), and make sure that you don't have the
router fragmenting packets.
Maintaining Security
Remote Desktop can be a powerful tool for teaching, demonstrating, and performing
maintenance tasks. For convenience, the administrator name and password used to
access Remote Desktop can be stored in a keychain or can be required to be typed
each time you open the application. However, the login name and password for each
client computer are stored in the administrator’s preferences and are strongly
encrypted.
Securing the Administrator Application
•
Make use of User Mode to limit what non-administrator users can do with ARD.
See “Limiting Features in the Administrator Application” on page 51.
•
If you leave the Remote Desktop password in your keychain, be sure to lock your
keychain when you are not at your administrator computer.
•
Consider limiting user accounts to disallow the use of Remote Desktop.
Either in a Managed Client for Mac OS X (MCX) environment, or using the Accounts
pane in System Preferences, you can make sure only the users you designate can use
Remote Desktop.
User Privileges and Permissions Security
•
To disable or limit an administrator’s access to an ARD client, open System
Preferences on the client computer and make changes to settings in the Remote
Desktop pane in the Sharing pane of System Preferences. The changes take effect
after the current ARD session with the client computer ends.
•
Remember that ARD keeps working on client computers, as long as the session
remains open, even after the agent user password is changed.
Password Access Security
•
Never give the Remote Desktop password to anyone.
•
Never give the administrator name or password to anyone.
•
Use cryptographically sound passwords (no words found in a dictionary, 8 characters
or more, and include letters, numbers and punctuation with no repeating patterns).
•
Quit the Remote Desktop application when you have finished using it. If you have
not stored the Remote Desktop password in your keychain, the application will
prompt you to enter the administrator name and password when you open it again.