Security
"A chain is only as strong as its weakest link" is a metaphor.
Since PRemoteM is designed to be snappy and fast for work, it is not easy to balance convenience and safety. Considering that our users are probably IT industry personnel with at least some security awareness, we decided to pay more attention to convenience, leaving security to be protected by the system, security software, and good user habits. Therefore, we will only provide the most basic information security, and will not provide functions such as an activation lock.
This program is a resident background app that starts a session through the launcher (Alt + M). If you had to enter a password every time you opened the launcher, the experience would be greatly reduced. And if the password were only required when the program is started, then security could not actually be properly guaranteed. Taking these into account, we believe that it is better for security to be guaranteed by the system, security software, and good user habits as the long-term solution. As long as users realize that they should lock the system when they leave the computer, PRemoteM does not have to add any activation protection. And if users do not have such security awareness, then even if we added an activation password, the information could still be leaked in other ways.
Therefore we only provide RSA encryption for the database (account, password, etc.), and we recommend enabling hard disk encryption (like BitLocker, etc.). This is to ensure that when the PRemoteM database is leaked, or even when the computer's hard disk is cracked physically, the thief will still get nothing.
Note that the encryption function is disabled by default; you need to manually create your own RSA key in the settings to enable it.
A more recommended approach is to keep the database and key on an encrypted USB flash drive, and insert that USB flash drive before opening the software.
- Lock Windows when you leave your computer.
- (Recommended) Use BitLocker in Windows 10 to keep the hard drive safe.
- (Recommended) Use an RSA private key for password protection.
- Take care of your RSA private key.
- On the Setting -> Data & Security page,
- click the Encrypt button and select a proper place to store your Key File.
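PRemoteM was designed so that users can quickly open a new remote session anytime and anywhere, which makes it hard for us to balance convenience and security. Considering that PRemoteM's users are likely industry professionals with some awareness of computer security, we decided to focus more on convenience and leave security to be protected by the system, security software, and good user habits. PRemoteM therefore provides only the most basic information security and does not provide features such as a startup password.
Because this program is a remote management tool that stays resident in the background and starts sessions through the launcher (Alt + M), the experience would suffer greatly if a password had to be entered every time the launcher is opened. And if the password were required only when the program starts, security would not actually be properly guaranteed. With this in mind, we believe that having security guaranteed by the system, security software, and good user habits is the long-term solution. As long as users realize that they should lock the system when they leave the computer, PRemoteM does not need to add another shackle to itself. And if users lack that security awareness, then even if PRemoteM added a startup password, information could still be leaked in other ways.
So we provide only RSA encryption for the database (accounts, passwords, etc.), and we also recommend enabling hard disk encryption (like BitLocker, etc.). This ensures that if the PRemoteM database is leaked, or the computer's hard disk is physically cracked, the thief still cannot obtain the secrets in it.
RSA encryption is disabled by default; you need to manually create your own RSA key in the settings to enable it.
A more recommended practice is to keep the database and key on an encrypted USB flash drive that you carry with you, and to insert that drive each time before opening the software.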
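- Make sure the system is locked every time you leave the computer.
- (Recommended) Enable BitLocker in Windows 10.
- (Recommended) Use RSA encryption to protect your data.
- Also take good care of your RSA decryption key.
How to set it up:
- Go to the Settings → Data & Security page
- After you click the Generate Encryption button, your data will be encrypted; keep the generated private key safe.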