Screens Connect on my Mac - is it secure?

airwhale · May 21, 2019, 1:11pm

I am considering enabling my iMac to respond to an incoming connection from “Screens” when I’m out and about. It sounds really convenient to have access to my Mac from anywhere.

However, I am kinda worried about the security aspect here. I will need to set up a port to accept ALL connections from the wild, just in case it’s me. Software routinely ship with bugs, some of them serious, some of them not even identified, potentially leaving my machine open to attacks (not that I’m a target for my content, I’m thinking more of crypto-miners and ransom-ware and botnet-minions). The port scanners will have my IP/port-number in a matter of hours from enabling it.

Talking myself out of it as I type, but am I too paranoid on this? Curious to hear how others are managing this type of service.

aardy · May 21, 2019, 3:53pm

If you use screens connect on your mac you don’t need to open ports / port forward.
Add it to your screens account and you can connect from anywhere.

airwhale · May 21, 2019, 4:09pm

Really? That is interesting. Will check it out. Thanks!

airwhale · May 21, 2019, 4:32pm

@aardy Sorry, no go. Port forwarding was indeed required. The software told me to turn on UPnP in the router for it to be able to open any darn port it wants to. UPnP is always disabled for any network I run, it’s a crazy contraption that is really dangerous. (Any device can request any port to be opened, with no notification, no approval from user or even a mechanism to list and review what ports have been opened behind your back.)

aardy · May 21, 2019, 5:17pm

Fair enough, I hadn’t checked it for UPnP

Timo · May 21, 2019, 5:49pm

You can try Jump Desktop . I couldn’t get Screens to work at work (ha) as I can’t open ports on the router. But Jump Desktop works.

JKoopmans · May 21, 2019, 7:03pm

I use screens with a privacte VPN. I Have a synology router and VPN into that, and from there use screens to access my macs. Most routers would have that functionality. It works great for me.

JKoopmans · May 21, 2019, 7:10pm

that also uses a connect app, doesn’t it? So again opening up a connection (though through different mechanism) That would again give 3rd parties a potential entry into your network?

airwhale · May 22, 2019, 6:33am

Thanks, this might be the way to go, running a proper VPN. That should be possible on my router too.

airwhale · May 22, 2019, 11:05am

Update: I configured my network with a VPN server and set up a new VPN profile on my iPad Pro. I also needed to add a static route between the VPN-network and the internal LAN. So, once authenticated, I can now reach the iMac using Screens. As far as Screens is concerned, it believes it is on the LAN, and the L2TP VPN is encrypting and tunneling my traffic.

Sweet!

(Now on to reading about how long of a random VPN key I really need to avoid any surprises.)

Shruggie · May 22, 2019, 12:29pm

So Jump Desktop use a reverse proxy or something?

Shruggie · May 23, 2019, 4:28am

Cool. Will try it. Been looking for a way to work from home when I don’t have the laptop with me.