www.jatit.org
ABSTRACT
One of the trends we have been observing for some time now is the blurring of divisional lines between
different types of malware. Classifying a newly discovered 'creature' as a virus, a worm, a Trojan or a
security exploit becomes more difficult and anti-virus researchers spend a significant amount of their
time discussing the proper classification of new viruses and Trojans. Depending on the point of view,
very often, the same program may be perceived as a Remote Administration Tool (RAT) allowing a
potentially malicious user to remotely control the system. A Remote Administration Tool is remote
control software that, when installed on a computer, allows a remote computer to take control of it. With
remote control software you can work on a remote computer exactly as if you were right there at its
keyboard. Fast, reliable, easy-to-use PC remote control software lets you save hours of
running up and down stairs between computers. Remote control software allows you to take control of
another PC on a LAN, WAN or dial-up connection so you see the remote computer's screen on your
monitor and all your mouse movements and keystrokes are directly transferred to the remote machine.
Remote control software provides fast secure access to remote PCs on Windows platforms. Hackers and
malware sometimes install this type of software on a computer in order to take control of it
remotely. Many remote administrator tools exist in the market and it is difficult to choose what you need.
As an IT support professional, you need to choose the software that suits your IT skills. After you
determine how much you want to manage remotely, the next step is to select the tools and supporting
components you need to accomplish your remote management tasks. Our paper evaluates many
remote control software packages to help you select a remote administration tool.
Keywords— Remote Administration Tool (RAT), LAN, WAN, control, WMI, RPC, Web.
1. INTRODUCTION
Companies are looking for ways to provide cost-effective network access to their remote and mobile employees. For PCs with chronic problems, applications such as remote assistant “remote administrator” can save time by giving you access to and control of a remote PC via either a network or a dial-up connection. If your friend’s or relative’s PC is running Windows XP Professional, you can access the system remotely for free with a computer running any version of Windows, including Windows 95.

Today, providing remote and mobile workers with secure remote access to corporate networks is no longer a luxury; it has become a business necessity. Letting employees tap into the office local area network “LAN” from customer sites, hotels, internet cafes and airport kiosks can greatly increase business efficiency, productivity and job satisfaction. But mobile empowerment has a price, measured in IT administration and network security.

As more Information Technology departments centralize and consolidate to reduce cost, many remote sites are left with no on-site IT support. Remote administration of computers is increasingly common because of the significant cost benefits; many tasks can be automated, and the administrator does not have to physically visit each computer [1]. In their whitepaper on Remote
Journal of Theoretical and Applied Information Technology
is installed. Unlike PCAnywhere, RemotelyAnywhere requires no special client software to be installed on your local machine.

RemotelyAnywhere is packed with robust features such as a dashboard view of system diagnostics, built-in FTP and SSH server functionality “in the Server Edition”, and superior security and auditing mechanisms for HIPAA, Sarbanes Oxley and other regulatory compliance.

Requiring far less configuration than PCAnywhere, RemotelyAnywhere allows easy and secure access from a Web browser to the remote systems you manage [3].

RemotelyAnywhere provides you with fast and secure remote access to your corporate network. Built from the ground up to seamlessly integrate with and complement existing Windows security structures, it provides easy access to the corporate LAN without enlarging its security perimeter. With its easy maintenance and anytime anywhere technology, RemotelyAnywhere provides a very low total cost of ownership.

The rest of this paper is organized as follows: the different techniques used in remote administration tools are discussed in section two. A competitive comparison of remote administrator tools is discussed in section three, followed by Conclusions and Future Enhancements in section four.

2. DIFFERENT TECHNIQUES USED IN REMOTE ADMINISTRATION TOOLS

The purpose of this section is to present the different methods and tools frequently used to administer remote Windows systems. They let you access a command prompt and perform basic system administration, such as viewing, starting or killing processes or services, rebooting machines and viewing system logs, observe what is happening on the display, and even run GUI-based programs, all remotely, depending on the features of each remote administration tool.

A. MSRPC “Win32 legacy management APIs”

The traditional method to administer remote Windows systems is to use Win32 legacy management APIs. These APIs can be easily identified because they take a server name as one of their parameters: when the server name is empty “NULL”, the API operates on the local server, and when a server name is specified, the API operates on the specified remote server. For instance, all APIs with names starting with Net, such as NetShareEnum(), belong to this class of APIs. When used to administer a remote server, these APIs use the MSRPC protocol, “Microsoft implementation of the DCE RPC standard”, with the SMB transport. SMB is the core protocol of Windows networks and operates on both port 139/tcp and 445/tcp. When SMB is used as a transport for MSRPC, named pipes inside the IPC$ share are used as RPC service endpoints [4].

Microsoft Remote Procedure Call “RPC” is an interprocess communication “IPC” mechanism that enables data exchange and invocation of functionality residing in a different process. That process can be on the same computer, on the local area network “LAN”, or across the Internet. The Microsoft RPC mechanism uses other IPC mechanisms, such as named pipes, NetBIOS, or Winsock, to establish communications between the client and the server. With RPC, essential program logic and related procedure code can exist on different computers, which is important for distributed applications.

B. WMI “Windows Management Instrumentation”

WMI “Windows Management Instrumentation” is the management framework available in recent Windows systems. WMI is built on the COM “Component Object Model” infrastructure and can thus operate remotely, using DCOM “Distributed COM” [5]. In addition, several WMI-based administration tools are available by default on Windows systems to administer remote systems using WMI.

Windows Management Instrumentation is an infrastructure that enables you to access and modify standards-based information about objects, such as computers, applications, and network components, in your enterprise environment. Using WMI, you can create powerful administration applications to monitor and respond to specific events in your environment. For example, you can create applications to check CPU usage on your Windows Server 2003-based servers and warn you when it exceeds a specified level. Although WMI is a powerful tool for building customized applications, it does require a certain amount of development time and expertise.

Windows Management Instrumentation Command-line “WMIC” provides a simplified interface to WMI. By using WMIC, you can access WMI-based information using the command line or scripts. You can use WMIC from any computer where WMIC is enabled to manage any remote computer. WMIC does not have to be available on the remote computer.

Currently, testers of the Windows Management Instrumentation “WMI” conduct tests through a proprietary GUI interface, which does not allow for negative testing or the logging of events and methods.

C. GUI-oriented tools built into Windows

Many Windows system administrators tend to use graphical remote administration tools that allow access to the Windows GUI.

Recent Windows systems “Windows 2000, Windows XP, Windows Server 2003” natively support Terminal Services, the feature of Windows NT that allows multiple concurrent interactive logon sessions. The network protocol used by Terminal Services is RDP, Remote Desktop Protocol, and operates by default on TCP port 3389.

Terminal Services rely on Windows authentication to authenticate users establishing remote sessions. In addition, application-level permissions are supported by Terminal Services to restrict the category of users allowed to establish Terminal Services sessions (Permissions tab in the Properties of the RDP-Tcp transport in the Terminal Services Configuration MMC snap-in).

With Remote Desktop, you can connect to your work computer from home and access all of your programs, files, and network resources as though you were actually sitting in front of your computer at work.

D. CLI-oriented tools

CLI “Command Line” remote administration tools are sometimes needed, for instance to execute system administration scripts non-interactively [6].

PsExec is a convenient tool for Windows systems administrators because it allows you to execute processes on a remote system, provided the server service is available “TCP ports 445 or 139” and that you have local administrator credentials on the remote system [7].

PsExec first copies its executable, psexesvc.exe, contained in the psexec.exe binary, using SMB, under %systemroot%\System32\, installs the service and starts it. These steps require administrator credentials.

If you are logged on with local credentials that also correspond to local administrator credentials, with a domain administrator account or with an account with username and password identical to a local administrator account on the remote system, additional credentials are not needed.

Rcmd is a Windows NT 4.0 Resource Kit tool composed of a Windows service and a command-line client that supports remote process execution. The Rcmd service opens a named pipe, \pipe\rcmdsvc. The Rcmd client establishes an SMB session to the IPC$ share, authenticated with an account that needs to have the SeInteractiveLogonRight logon right "Allow log on locally".
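The PsExec sequence described in section D (service binary copied over SMB, service installed and started) can be watched for on the target host. As an added example, not code from the paper or from PsExec, the code below pairs an SMB write of an executable with a service install of the same binary shortly afterwards, so it generalizes to the same pattern under other binary names. The records are constructed and their field names are assumptions; 5145 and 7045 are the event IDs that current Windows versions log for detailed file-share access and for service installation.

```python
from datetime import datetime, timedelta
import ntpath

# Constructed, simplified event records; the field names are assumptions.
EVENTS = [
    {"t": "2024-03-01T10:00:01", "host": "SRV01", "id": 5145, "share": "ADMIN$",
     "path": r"System32\psexesvc.exe", "access": "write",
     "src": "10.0.0.23", "user": r"CORP\helpdesk"},
    {"t": "2024-03-01T10:00:02", "host": "SRV01", "id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\System32\psexesvc.exe"},
    # Locally installed service: no SMB write precedes it.
    {"t": "2024-03-01T11:30:00", "host": "SRV02", "id": 7045,
     "service": "BackupAgent", "image": r"C:\Program Files\Backup\agent.exe"},
    # Same pattern under a different (hypothetical) binary name.
    {"t": "2024-03-01T12:00:00", "host": "SRV03", "id": 5145, "share": "ADMIN$",
     "path": r"System32\svcupd.exe", "access": "write",
     "src": "10.0.0.77", "user": r"SRV03\Administrator"},
    {"t": "2024-03-01T12:00:03", "host": "SRV03", "id": 7045,
     "service": "svcupd", "image": r"C:\Windows\System32\svcupd.exe"},
    # Read access to an admin share is not a binary drop.
    {"t": "2024-03-01T13:00:00", "host": "SRV01", "id": 5145, "share": "ADMIN$",
     "path": r"System32\drivers\etc\hosts", "access": "read",
     "src": "10.0.0.23", "user": r"CORP\helpdesk"},
]

ADMIN_SHARES = {"ADMIN$", "C$"}  # ADMIN$ maps to %systemroot%


def find_remote_service_installs(events, window=timedelta(seconds=60)):
    """Pair each service install (7045) with an earlier SMB write (5145) of the
    same executable name on the same host, at most `window` before it."""
    writes = []    # (time, host, binary name, source address, account)
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        when = datetime.fromisoformat(ev["t"])
        if ev["id"] == 5145:
            name = ntpath.basename(ev["path"]).lower()
            if (ev["access"] == "write" and ev["share"] in ADMIN_SHARES
                    and name.endswith(".exe")):
                writes.append((when, ev["host"], name, ev["src"], ev["user"]))
        elif ev["id"] == 7045:
            name = ntpath.basename(ev["image"]).lower()
            for w_time, host, w_name, src, user in writes:
                if host == ev["host"] and w_name == name and when - w_time <= window:
                    findings.append({"host": host, "service": ev["service"],
                                     "binary": name, "src": src, "user": user})
    return findings


if __name__ == "__main__":
    for hit in find_remote_service_installs(EVENTS):
        print(hit)
```

Each finding carries the source address and account from the SMB write, which is what an analyst needs to decide whether the install was an expected administrative action.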
When choosing a Windows remote administration tool, the following characteristics have to be considered: the TCP ports required to use the remote administration feature, and the supported authentication mechanisms (system authentication implemented by Windows, or application-level authentication only).
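To check the first of these characteristics on a host, its listening sockets can be mapped to the techniques of section 2. This is an added example, not from the paper: it parses a constructed sample of Windows `netstat -an` output and reports which of the ports named in the paper (139 and 445 for SMB, 3389 for RDP) are listening on a non-loopback address.

```python
import ipaddress

# Ports per technique, as stated in section 2 of the paper.
SMB = "SMB: MSRPC named pipes in IPC$, PsExec, Rcmd"
RDP = "Terminal Services (RDP)"
TECHNIQUES = {139: SMB, 445: SMB, 3389: RDP}

# Constructed sample of Windows `netstat -an` output.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    192.168.1.10:49712     10.0.0.5:445           ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def exposed_admin_channels(netstat_text):
    """Return {technique: sorted local endpoints} for TCP listeners on the
    paper's remote-administration ports that are reachable from other hosts."""
    exposed = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only TCP sockets in LISTENING state (skips header, UDP, sessions).
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        if port not in TECHNIQUES or addr.is_loopback:
            continue  # a loopback-only listener is not remotely reachable
        exposed.setdefault(TECHNIQUES[port], set()).add(fields[1])
    return {tech: sorted(binds) for tech, binds in exposed.items()}


if __name__ == "__main__":
    for technique, binds in exposed_admin_channels(NETSTAT).items():
        print(f"{technique}: {', '.join(binds)}")
```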
3. COMPARISON AND ANALYSIS

In this section, we report the availability of features in each remote administrator tool. In addition, a chart for each group of features presents the strengths of these remote administrator tools. These charts help IT staff choose the remote administrator tool that suits their professional skills.

We did this experiment for a couple of reasons. First, it seemed like a great academic exercise. There’s a certain challenge that comes from administering your organization’s web server or
this becomes very apparent when you’re at some social event or in a meeting.

Figure 1 - Main features [bar chart: Features Availabilities per software]
G. File Transfer

features “File Transfer” in the available products mentioned in the market. These features are One to

[Chart "File Transfer": Features Availabilities per software]

H. Misc Feature

features “Misc Features” in the available products
Installation.

Figure 3 - Misc Features [bar chart: Features Availabilities per software]

I. Security

features “Security” in the available products
Password Encryption, Dial Back, Use Windows
Encryption, Use NT Profiles, and Audit Log.

Figure 4 - Security Features [bar chart: Features Availabilities per software]

J. Protocol Support

The Figure 5 represents the availability of these features “Protocol Support” in the available products mentioned in the market. These features are IPX/SPX, NetBIOS, TCP/IP and NetBEUI.

Figure 5 - Protocol Support [bar chart: Features Availabilities per software]

K. Platform Support

The Figure 6 represents the availability of these features “Platform Support” in the available products mentioned in the market. These features are Windows 95, Windows 98, Windows "ME", Windows 2000/XP, NT 3.X, NT 4.00, Linux.

Figure 6 - Platform Support [bar chart: Features Availabilities per software]

L. Connectivity

Figure 7 represents the availability of these features “Connectivity” in the available products mentioned in the market. These features are Analogue Modem, ISDN, WAN, LAN and Wireless IRDA.

[Chart "Connectivity": Features Availabilities per software]

© 2005 - 2008 JATIT. All rights reserved.
Remote administrator tool has no special hardware requirements. Even if your old home computer is what you use for running your business, it’s fast enough for Remote administrator tool. If the computer runs Windows, Remote administrator tool will run on it, and it will run faster than any other remote control software you can buy.

[7] Mark Russinovich, PsExec supports several options, 1999-2006. URL: http://www.sysinternals.com/ntw2k/freeware/psexec.shtml