How secure is it to use Apple Remote Desktop?

[kat.hayes]

How secure is it to use Apple Remote Desktop to log into a Mac remotely? What is the likelihood of someone getting into the remote Mac by having to lower permissions on the Mac, or whatever needs to be done to make this work?

Thanks.

 

[Mr Rabbit]

From Apple's tech specs page on ARD 3:

Encrypt all communications between Apple Remote Desktop 3 and client computers with 128-bit AES encryption, or disable encryption for data-intensive tasks

When setting up a client Mac to be accessed by an ARD admin you need to enable "Remote Management" inside the client's Sharing preferences. The main option inside this particular preference is "Allow access for" either everyone or just specific users. Beyond that you have the options I've attached below.

For the Macs that I manage I set all of them to only allow access using their single local administrator account. This means that while ARD can see the barebones details of the client Macs it is only allowed to manage a client once the admin authenticates with the client's local admin account. Once authenticated the options shown below dictate what the remote admin can do or access.

If you are working remotely (outside of a local network) either through VPN or other means then I imagine the security loosens a bit but it would seem as though encrypting all of the network traffic (under the security tab in ARD's preferences) would tighten it back up.