Comments on: More thoughts on LogMeIn http://vpnhaus.wordpress.com/2008/08/20/more-thoughts-on-logmein/ Tue, 10 Nov 2009 15:54:00 +0000 http://wordpress.com/ hourly 1 By: Jason Henderson http://vpnhaus.wordpress.com/2008/08/20/more-thoughts-on-logmein/#comment-15 Jason Henderson Wed, 03 Sep 2008 13:34:00 +0000 http://vpnhaus.wordpress.com/?p=51#comment-15 I think all the remote access services are very secure, they just differ based on price and functionality. For my small IT support business, LogMeIn Rescue is too pricey, so I've recently switched over to Techinline Remote Desktop www.techinline.com which is a fraction of the cost and is very easy to use since all the client has to do is open a page in the browser, get a number that you enter on your own end, and that's it! Although it's not as fully featured as LogMeIn Rescue, it's more than enough for simple remote support I think all the remote access services are very secure, they just differ based on price and functionality. For my small IT support business, LogMeIn Rescue is too pricey, so I’ve recently switched over to Techinline Remote Desktop http://www.techinline.com which is a fraction of the cost and is very easy to use since all the client has to do is open a page in the browser, get a number that you enter on your own end, and that’s it! Although it’s not as fully featured as LogMeIn Rescue, it’s more than enough for simple remote support

]]> By: Alen Chemy http://vpnhaus.wordpress.com/2008/08/20/more-thoughts-on-logmein/#comment-6 Alen Chemy Thu, 21 Aug 2008 09:59:30 +0000 http://vpnhaus.wordpress.com/?p=51#comment-6 I think your information will help to those people who are looking for good IT solutions. The services you are providing is very much useful requirements for the present ear. I think your information will help to those people who are looking for good IT solutions. The services you are providing is very much useful requirements for the present ear.

]]> By: Marcin Antkiewicz http://vpnhaus.wordpress.com/2008/08/20/more-thoughts-on-logmein/#comment-5 Marcin Antkiewicz Thu, 21 Aug 2008 05:06:55 +0000 http://vpnhaus.wordpress.com/?p=51#comment-5 LogMeIn poses few technical issues, but one huge are-you-breaking-the-rules question. I could care less about their 2 factor auth, length of the cypto key, or whatever else is advertised to provide secure connection, because that is not the problem. All remote-control software should be built reasonably securely by now, that much should be taken for granted (review past years of vulnerabilities in RDP and VNC for a list of errors that should be avoided). It's not about technology, but trust. Do I trust LogMeIn? Should I? Are they trustworthy? Another, huge problem is that use of such software extends network perimeter to all of the Internet. I gave one example of shoulder surfing at an airport or cafe. Home user's have little reason to care who looks over their shoulder, yet few fill out their tax returns on the airport. The same, however, cannot be said for corporate accountants, eager to finish work before whey show up home for a late supper. Corporate finances are far more interesting, because little no-risk gain can be glean from my tax information. The same is not true when the data belongs to a publicly traded company. I have more scenarios to offer, all more-or-less true. I understand that corporate VPNs, requiring special software, tokens, time slots, etc are a in direct opposition to the everyday home computer use paradigm. That's why huge numbers of totally insecure home/small business systems fall, as easy pray, to botnet operators. Most enterprises are able to avoid similar fate, but this success is partially paid by users in decreased usability or ease of access. I will not claim here that nothing can be done. Ease of access is rarely high on the priority list of IT Sec departments, so there is little talent or money devoted to it. Sometimes instant, secure, fast, and all-encompassing access to ERP from home pc is just not going to happen. At other times rules can be changed when a proper and sensible argument is presented. Again, this does not apply to home, or no-IT businesses. I would use gotomypc to get to home PC from work, sure, mostly because there is nothing of value on the PC. That is, nothing that cannot be stolen anyway, right from the browser, with smart but malicious use of *script. LogMeIn poses few technical issues, but one huge are-you-breaking-the-rules question.

I could care less about their 2 factor auth, length of the cypto key, or whatever else is advertised to provide secure connection, because that is not the problem. All remote-control software should be built reasonably securely by now, that much should be taken for granted (review past years of vulnerabilities in RDP and VNC for a list of errors that should be avoided). It’s not about technology, but trust. Do I trust LogMeIn? Should I? Are they trustworthy?

Another, huge problem is that use of such software extends network perimeter to all of the Internet. I gave one example of shoulder surfing at an airport or cafe. Home user’s have little reason to care who looks over their shoulder, yet few fill out their tax returns on the airport. The same, however, cannot be said for corporate accountants, eager to finish work before whey show up home for a late supper. Corporate finances are far more interesting, because little no-risk gain can be glean from my tax information. The same is not true when the data belongs to a publicly traded company. I have more scenarios to offer, all more-or-less true.

I understand that corporate VPNs, requiring special software, tokens, time slots, etc are a in direct opposition to the everyday home computer use paradigm. That’s why huge numbers of totally insecure home/small business systems fall, as easy pray, to botnet operators. Most enterprises are able to avoid similar fate, but this success is partially paid by users in decreased usability or ease of access.

I will not claim here that nothing can be done. Ease of access is rarely high on the priority list of IT Sec departments, so there is little talent or money devoted to it. Sometimes instant, secure, fast, and all-encompassing access to ERP from home pc is just not going to happen. At other times rules can be changed when a proper and sensible argument is presented.

Again, this does not apply to home, or no-IT businesses. I would use gotomypc to get to home PC from work, sure, mostly because there is nothing of value on the PC. That is, nothing that cannot be stolen anyway, right from the browser, with smart but malicious use of *script.

]]>