Cellebrite PA supports Remote Desktop Access

That is exactly what Cellebrite support is suggesting that I do.

Instead of RDP that is protected by 4 layers of security in our implementation they are suggesting Team Viewer or similar that exposes you to anyone with internet connection.

So hear hear that…

Surely I am too old for this stuff ( , but the sheer idea of leaving a computer containing evidence/sensible material switched on, unattended, connected to the Internet and available to RDP (or similar) is sending shivers through my spine 😯 .

Hear hear.

Hello Ermin,

I understand your pain. However, you should not be so hard on folks who really do not believe that remote is the way forward. I myself really believe that forensic work is best done on site and I am completely against my forensic machines being connected to any network, regardless of the security features.

Now to your point. If Cellebrite are planning to charge you 500USD extra it might be because they would need to work on a solution tailored just for you. Additionally, you don't even know if any other vendor would be able to supply an application that would suit your needs. I am also confused by why 500USD seems so much to you, especially if it is a one-off purchase. Present the idea to your management and have a discussion with them why you really need this remote access feature

I understand your pain. However, you should not be so hard on folks who really do not believe that remote is the way forward. I myself really believe that forensic work is best done on site and I am completely against my forensic machines being connected to any network, regardless of the security features.

It would make my life a lot easier to work from home….but sadly in reality there's probably no such thing as an unhackable system…..rathers ones that just haven't been hacked yet (or known to have been hacked yet).

Whilst the better the protection/detection systems in place, the more unlikely it would be, but would you be able to take the stand and say there's NO chance anyone could have got in and accessed/modified data? Or could you say for certain that no data has escaped outwards without your knowledge (undetected malware in operation perhaps)? I think the answer is no.

Another related aspect would be the unwitting loading of data (perhaps if the network is connected to the internet and content being viewed/parsed tries to retrieve it).

Being connected to a network (especially if it has access to the internet) presents a raft of potential issues/uncertainties.

Thanks for your comments!

-I understand the remote concerns and that is part of the issue because clients are being lead to less secure options.

-It is certainly ideal not to be connected to anything but we have deadlines to keep and take great care of security. I would like to be completely offline but we accomplish much much more this way. Whatever the answer here, it is not up to Cellebrite to enforce nor they are trying to.

-Cellebrite is not tailoring anything for me. This is available for anyone and it was available when I asked about it. the additional work they did was to implement this block in the first place. They are not adding features but removing arbitrary restrictions that no other software I use has.

-I am asking for feedback, there are many alternatives and I use one already. I just did not use all of them. I already have offer to demo one of the alternatives so that is great. I do know that alternatives do not care if we use RDP or not.

-500$ is per year. I find it is unacceptable because it is not a feature. Even if it was feature I believe it should be included in $5,012.20 USD that we paid for the year of updates for that licence.
We paid $3400 USD in 2018, $5,012.20 USD in 2019 (Tax included) so the next Quote will be $5500 at minimum (with RDP) if they do not raise prices again. I think it is bit rich to ask $500 for something that everyone else did not bother to block.

I am management and I decide were we spend money. It is just getting very hard to keep sending it to Cellebrite.

Cheers!

Ermin

Hello Ermin,

I understand your pain. However, you should not be so hard on folks who really do not believe that remote is the way forward. I myself really believe that forensic work is best done on site and I am completely against my forensic machines being connected to any network, regardless of the security features.

Now to your point. If Cellebrite are planning to charge you 500USD extra it might be because they would need to work on a solution tailored just for you. Additionally, you don't even know if any other vendor would be able to supply an application that would suit your needs. I am also confused by why 500USD seems so much to you, especially if it is a one-off purchase. Present the idea to your management and have a discussion with them why you really need this remote access feature

With all due respect, this is not about remote access security and Cellebrite is not a champion of promoting the security.

We have our workflow and you have yours, I am happy that you can do it whatever way you do but that is not relevant here.

I understand your pain. However, you should not be so hard on folks who really do not believe that remote is the way forward. I myself really believe that forensic work is best done on site and I am completely against my forensic machines being connected to any network, regardless of the security features.

It would make my life a lot easier to work from home….but sadly in reality there's probably no such thing as an unhackable system…..rathers ones that just haven't been hacked yet (or known to have been hacked yet).

Whilst the better the protection/detection systems in place, the more unlikely it would be, but would you be able to take the stand and say there's NO chance anyone could have got in and accessed/modified data? Or could you say for certain that no data has escaped outwards without your knowledge (undetected malware in operation perhaps)? I think the answer is no.

Another related aspect would be the unwitting loading of data (perhaps if the network is connected to the internet and content being viewed/parsed tries to retrieve it).

Being connected to a network (especially if it has access to the internet) presents a raft of potential issues/uncertainties.

You might indeed be too old if you think that only way for someone to work remotely is to open RDP to internet on each computer that needs connecting to.

Nowdays there are things like VPN, MFA authentication, IP filtering, firewalls etc etc.

Sure I am old, but that does not mean outdated or ignorant, you would be surprised by my (small but perfectly up-to-date) knowledge of VPN's and firewalls (admittedly not so much on MFA authentication at a small office level)

If world worked the they way you think it does nobody would ever work from home no matter what they do.

I don't know, if I were King 😯 I would probably allow a lot of people (lots of professions/activities) to work from home, but surely there would be a few exclusions, as a first draft, those dealing with sensitive, secret/classified and criminal/evidentiary data.
But also monarchy is such an old concept …

So no, it is not a RDP connection open to the internet waiting for anyone to connect but thanks for your concern.

You are welcome ) I was only sharing my feelings, no doubt that you have implemented a well thought out and secure system for remote access, which would BTW be another reason to not trust a third party, such as Cellebrite, qualified as they may be, to alter it in any way, besides and before the 500 bucks per year.

jaclaz

Thanks for your comments!

I feel that I still have failed to explain the issue correctly.

Cellebrite is not doing anything to alter RDP, or change it in any way or provide it.

All they are doing is ALLOWING their software to be used while RDP connection is open for $500 per year.

So it is all about removing the arbitrary limitation they implemented and charging 10% of the renewal cost for that privilege.

Which is already default for all other tools that we use, as they did not go out of their way to check if RDP is active and to stop the software if it is.

Cheers!

You might indeed be too old if you think that only way for someone to work remotely is to open RDP to internet on each computer that needs connecting to.

Nowdays there are things like VPN, MFA authentication, IP filtering, firewalls etc etc.

Sure I am old, but that does not mean outdated or ignorant, you would be surprised by my (small but perfectly up-to-date) knowledge of VPN's and firewalls (admittedly not so much on MFA authentication at a small office level)

If world worked the they way you think it does nobody would ever work from home no matter what they do.

I don't know, if I were King 😯 I would probably allow a lot of people (lots of professions/activities) to work from home, but surely there would be a few exclusions, as a first draft, those dealing with sensitive, secret/classified and criminal/evidentiary data.
But also monarchy is such an old concept …

So no, it is not a RDP connection open to the internet waiting for anyone to connect but thanks for your concern.

You are welcome ) I was only sharing my feelings, no doubt that you have implemented a well thought out and secure system for remote access, which would BTW be another reason to not trust a third party, such as Cellebrite, qualified as they may be, to alter it in any way, besides and before the 500 bucks per year.

jaclaz

KVM over IP?

https://en.wikipedia.org/wiki/KVM_switch#KVM_over_IP_(IPKVM)

jaclaz

That would work if KVM can drive dual 32" monitors )

There are many ways to go around the RDP restriction and they know full well, even suggesting some.
It is when they ask $500 USD to take the block off where I start to feel that they lost touch.

KVM over IP?

https://en.wikipedia.org/wiki/KVM_switch#KVM_over_IP_(IPKVM)

jaclaz

That would work if KVM can drive dual 32" monitors )

Dual/multi monitor solutions exist, but you won't probably like the price tag … (

jaclaz