Trustless: Why All Remote Access Should Be Peer-to-Peer
Remote access is a cornerstone of modern IT support for businesses large and small. When something is going wrong with a user's device, the device doesn't physically need to be in the same room as the technician. Remoting into devices changed the IT field and made a lot of distributed work possible.
Unfortunately, however, most remote access relies on older technologies. There has to be a middleman to facilitate connections between devices. The server that acts as a go-between connects the devices and passes all the information between the devices. The opportunities for sniffing information, collecting metadata about connections, and potential attack vectors increase because of these middlemen.
In light of these security concerns, it's time that remote access becomes peer-to-peer by default. Modern technologies can connect two devices directly and securely, vastly reducing the security risk of using a middleman. Moreover, direct connections can have lower latency, leading to faster, more secure connections.
No Need to Trust a Middleman
In the old model, remote access was mediated through a third party who provided a connection between devices. But that connection comes at the cost of data privacy and a black box about how your data is handled.
Additionally, those old-style connections often required companies to poke holes in their firewalls in order to allow remote connections. Any hole poked in the firewall is an obvious security concern. They also often required the technician to physically be at the office or another whitelisted site before they could gain remote access.
However, newer technologies make these issues obsolete. Peer-to-peer technologies are now sophisticated enough that we can provide remote access without your data ever touching middleman servers. Moreover, technicians can remote into devices from anywhere (home, coffee shop, etc.).
How Trustless P2P Remote Access Works
In order for two devices to connect without a middleman, they need a shared protocol for discovering each other and establishing trust. In our case, we use the Interactive Connectivity Establishment (ICE) protocol. In turn, ICE uses Session Traversal Utilities for NAT (STUN) and/or Traversal Using Relays around NAT (TURN) in order to establish the connection.
Explaining in detail how those technologies work is beyond the scope of this article, but we highly encourage reading those links from Wikipedia if that's the kind of thing that interests you.
The upshot of all this is we can establish connections from anywhere to anywhere without data ever touching our servers. After connection, we use the well-established WebRTC project to send audio and video communication between connected devices.
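As an added example (not code from the original post or from the vendor it describes), here is a minimal STUN Binding exchange in Python, the first step ICE takes before any direct connection is attempted: the client sends a Binding Request, the STUN server replies with the public address and port it observed, XOR-encoded in an XOR-MAPPED-ADDRESS attribute, and the client decodes it. The reply is constructed inline so the example runs offline; the server host passed to discover_reflexive_address is an assumption supplied by the caller. Note the transaction-id check: a client only accepts a response that echoes the 96-bit random id it sent, which discards stray or off-path replies. When ICE finds no direct path it falls back to a TURN candidate, and on that path the (still encrypted) media does traverse the relay.

```python
"""Minimal STUN (RFC 5389) Binding client and server-side encoder.

Shows how a peer learns its public (server-reflexive) address, which ICE
needs before two peers behind NATs can try to connect directly.
Example code added for illustration, not from the original post."""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020
HEADER_LEN = 20  # type(2) + length(2) + cookie(4) + transaction id(12)


def build_binding_request(transaction_id: bytes) -> bytes:
    """Client side: a 20-byte Binding Request with no attributes."""
    if len(transaction_id) != 12:
        raise ValueError("transaction id must be 96 bits")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + transaction_id


def build_binding_success(transaction_id: bytes, ip: str, port: int) -> bytes:
    """Server side: echo the request's id and report the observed source
    address as an XOR-MAPPED-ADDRESS (IPv4) attribute."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)  # reserved, family, X-Port, X-Address
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    header = struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE)
    return header + transaction_id + attr


def _decode_xor_address(value: bytes, transaction_id: bytes):
    """Undo the XOR masking; IPv4 uses the cookie, IPv6 the cookie + id."""
    family = value[1]
    port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
    if family == 0x01:
        raw = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
        return socket.inet_ntoa(struct.pack("!I", raw)), port
    if family == 0x02:
        key = struct.pack("!I", MAGIC_COOKIE) + transaction_id
        raw = bytes(a ^ b for a, b in zip(value[4:20], key))
        return socket.inet_ntop(socket.AF_INET6, raw), port
    raise ValueError("unknown address family")


def parse_binding_response(data: bytes, expected_tid: bytes):
    """Return (ip, port) from a Binding Success Response whose cookie and
    transaction id match the request we sent; None for anything else."""
    if len(data) < HEADER_LEN:
        return None
    msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
    tid = data[8:20]
    if cookie != MAGIC_COOKIE or tid != expected_tid:
        return None  # not STUN, or not the reply to *our* request
    if msg_type != BINDING_SUCCESS or len(data) != HEADER_LEN + msg_len:
        return None
    pos = HEADER_LEN
    while pos + 4 <= len(data):
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if attr_type == ATTR_XOR_MAPPED_ADDRESS:
            return _decode_xor_address(value, tid)
        pos += 4 + ((attr_len + 3) & ~3)  # attribute values are 32-bit aligned
    return None


def discover_reflexive_address(server: str, port: int = 3478, timeout: float = 2.0):
    """Query a real STUN server (host is an assumption the caller provides)
    and return the public (ip, port) it observed for this socket."""
    tid = os.urandom(12)  # fresh random id per request, checked on reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(tid), (server, port))
        data, _ = sock.recvfrom(2048)
    return parse_binding_response(data, tid)


def demo():
    """Offline round trip with a constructed reply: the client's view of
    its own public address after the server decodes its NAT mapping."""
    tid = bytes(range(12))  # constructed, fixed so the demo is reproducible
    reply = build_binding_success(tid, "203.0.113.7", 51000)  # constructed sample
    return parse_binding_response(reply, tid)


if __name__ == "__main__":
    print(demo())
```

The masking with the magic cookie is not secrecy, it exists so that NAT devices which rewrite any plain address they spot in a payload do not corrupt the reported mapping; the transaction-id comparison is the check that matters for robustness.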
End-to-end encryption on this entire process provides peace of mind that your data is secure in transit. The user's computer and the technician's computer are the only devices with access to your data.
The great thing about this system is that the protocols are well-established and open source, meaning you can inspect the source code (WebRTC) and specifications (ICE, STUN, TURN) for yourself. No need to trust a software vendor's security practices. You can verify security for yourself and rest easy knowing that thousands of developers have contributed to making these technologies secure.
Benefits of P2P
Peer-to-peer comes with many benefits that make it the obvious choice for remote access moving forward:
- Security: Limit the devices that have access to your data and possible attack vectors against your connection
- Data privacy: Direct, encrypted connections mean the opportunities for sniffing information or metadata are largely eliminated
- Latency: Connecting to a middleman slows your connection, meaning technicians spend too much time waiting for things to load
- Accuracy: Lower latency plus a direct connection means you're getting the current state of a device. See processes, CPU usage, disk space, and other device data in real time
The Future of Remote Access
With the growth of distributed workforces globally, remote access and monitoring are only becoming more important. As more people work from home, it becomes physically impossible for a technician to be in the same room as all the devices she services in a day.
This is already the case for most companies. The number of devices a company owns far outstrips the ability of technicians to physically interact with each device. However, existing software for remote access presents security concerns, a slow technician experience, and often inaccurate data.
Peer-to-peer connections help with many of the concerns around existing solutions. They eliminate the middleman security concern with modern protocols for establishing connections. Moreover, the direct connection also reduces data latency. Peer-to-peer remote access is safer, faster, and more accurate, making it the clear choice for modern IT teams.