Security, Encryption, & Ports

Security:

The DameWare NT Utilities & DameWare Mini Remote Control programs were built using the Microsoft SDK and Microsoft API calls and rely heavily on the Operating System's built-in security. Furthermore, Administrator rights are required to install, start, stop or remove any Service in Windows NT/2000/XP security. Please also keep in mind that the DMRC program always authenticates locally to the remote machine. Even if the Mini Remote Client Agent Service were already installed on the remote machine, you must be able to authenticate locally to that machine (i.e. Login at the console using the supplied credentials). Therefore, the credentials you are attempting to connect with must be a member of one of the following group on the remote machine:

Administrators

Powers Users

Users

Server Operators

Account Operators

Backup Operators

Print Operators

Therefore, it is the Operating System which determines which machines a user can logon to via the DameWare NT Utilities and DameWare Mini Remote Control programs (not our software).

Encryption:

Within the MRC program, no credentials, nor any of the other session negotiation information is sent over in Clear Text.  It's all encrypted.  You also have additional options of encrypting general data, graphics, and file transfers.  Click on the Settings button for your Host Entry, then select the Encryption Options Tab.

Additionally, beginning with version 4.4 and above, we have also added extensive enhancements with regard to the encryption algorithms used within the MRC program. This includes the "Encrypted Windows Logon" authentication method, as well as all features on the Encryptions Options Tab and any other features within the software that requires any type of encryption:

Essentially, for any type of encryption within our software, we are now using Microsoft's cryptographic services providers (CSPs) & CryptoAPIs.

Ports:

The DameWare NT Utilities & DameWare Mini Remote Control programs can connect to remote machines that are members of a WorkGroup, members of a Domain, or stand-alone machines. You can even connect to remote machines over a WAN or the Internet, however, connectivity is entirely dependent on your network configuration & implementation (routers, firewalls, VPN, blocked ports, etc....).

Provided the Mini Remote Client Agent Service was already installed & running on a remote machine, then only a single TCP port is used. The default TCP port is 6129, however, you can configure the Mini Remote Control program and Client Agent to use any one of the 65,000 valid TCP ports. I also recommend that you use some obscure TCP port, something other than 6129, because TCP 6129 is a well known port for the Mini Remote Control program.

All the Views in the NT Utilities program (i.e. Users View, Event Log View, etc), as well as the Mini Remote Control program's ability to remotely install, start, stop, or remove the Mini Remote Client Agent Service uses the Operating System's installed protocols, basically File & Printer Sharing (i.e. 137-139/445).

TCP 6130 & 6132 are also used by the Mini Remote Control program. However, these ports are the default TCP ports used for reverse connections, and proxy connections. In other words, these would be outbound from the Client Agent Service back to a machine running the MRC program, not inbound.