Security Risks for Log Me In

Hi All,

Does anyone happen to know what security risks there are using Logmein for Remote Administrators?

jsctechyAsked:

eric1508Commented:
I use it myself for remotely servicing some of my clients' computers and I love it! As far as the security aspect goes, I think, for the most part, you will be the weakest link. What I mean by that is the fact that the connections and transmission of data are all 256-bit encrypted. So it is very unlikely that a breach will occur during general use. The main way you will see security issues is going to be with weak login passwords. Obviously if someone gets a hold of your login info then it's game over. As long as that's solid then I think you're pretty much good to go. Of course there's always going to be the exception to the rule where somehow the encrypted session is breached but that is a risk you take anywhere on the internet. But I think as far as security goes, LogMeIn is pretty solid. Eric.
0

David-HowardCommented:
Eric is correct as far as administrators/users being the weakest link.
When deployment is done with care and LogMeIn's optional security features are utilized, the benefits greatly outweigh the risks.
I have listed the URL for Logmein's white paper. This discusses the software architecture and functionality.
https://secure.logmein.com/wp_lmi_security.pdf
David
0
jsctechyAuthor Commented:
What about Financial Institutions?  Would this be okay?
0
eric1508Commented:
Everything that says it's secure could always be made more secure in one way or another. The important thing is that it meets a certain level of security (256-bit encryption for connections and data transmission and password protected login are examples of necessary security). So in light of this, logmein meets what I would consider to be an essential amount of security for personal and business use. With that in mind, it could certainly be made more secure. One example of this would be to have passwords that change every couple of minutes that you read off of a wireless device that only you can see. This way, even if someone was able to get a hold of your password it would be outdated before they could even use it. Now this would be overkill for most situations but this is the kind of thing that some financial institutions use to keep things locked down.

So I think that if you are smart about what password you use and how you use it, logmein should take care of the rest. Is it secure enough for financial institutions? I would say yes, with the understanding that it could always be more secure and there are no guarantees with Internet security. (And it also depends on HOW BIG of an institution.) Eric.
0
colemac72Commented:
Hi Everyone,

My experience with Logmein has not been a good one. I was running it on a Windows 2003 server with all the latest patches and SPs. The server has been running years without a problem; about a week after the installation I got two viruses. The first was brute.exe, which is a password cracker, and the other is called W32.Pinfi, which is considered very low.

I was using the Alert features of the application so I could get critical alerts of the status or health of our server.  I wasn't even using the remote login feature.  

I had all the default security features enabled, including the Advance security option, but can't say that I am an expert with the product because I was using it as an Eval. The remote connection is secured by SSL, but what I want to know is whether there are any known security holes in the Host program itself. Let me know if anyone had similar problems with this application.

Thank you!!
0
jlaudioCommented:
LogMeIn seems to have brought nothing but problems for a client I saw last night.

A colleague of mine asked me to come into his office to try and rid their network of viruses and malware, as well as do some security hardening on the network. I was told that the client office was either physically being broken into during the wee hours of the morning, or they were being hacked every night. They were sure it was one of the 2, because 2 of their computers were logged in as admin every morning when they had been logged in as the actual users of the systems at closing time.

When I got there and logged onto the first computer, I noticed it was running LogMeIn. This computer had been experiencing all kinds of problems. The IT guy there had found (in the Documents and Settings\administrator\local documents\download folder) all kinds of porn, and all kinds of media dealing with hacking. CDs, Books, pdfs and videos on hacking. When I got there I found only rar files for a OnOne software (still need to look into this).

The computer had also had a Torrent app installed.

The AV program on the computer was overloaded with the amount of viruses (trojans, hackroot toolkits) and other issues it kept finding. There was a particularly destructive program on there called Windows Police Pro. It acts as an AV program, but obviously is quite the opposite. I tried removing it, and was eventually only partially successful. It installed itself in start menus and in the registry and Search n Destroy was not able to get rid of the app in full on reboot... the problem got worse.

Well, moving on, LogMeIn seems to be the most probable way that the 2 computers were compromised. The local admin accounts had blank passwords. I figure the office was somehow portscanned and determined to be hosting computers with logmein. The hackers then used the admin account and the 2 computers to install their bit torrent and do all sorts of nefarious things.

I cleaned up everything very well. Still waiting to see if they are compromised again. Funny enough, the router (local carrier DSL router w no admin pw) had also been configured to allow RDP on to the server, and to the infected workstations on different ports! The IT guy there told me no one should have remote access to their network. I disabled all this. I had to check active directory accounts and remove Terminal Server access, had to rename admin account, use pass phrases instead of pws, change local admin accounts, and clean up infested pcs.

Well, again LogMeIn seems to be the most probable way that the 2 computers were compromised.

Any other ideas?
0
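The symptom reported in the post above (workstations found logged in as admin each morning) is something logon records can confirm and attribute. The following is an added example, not part of the original thread: it flags privileged-account logons outside office hours and groups them by source. The record layout, host names, addresses and the 07:00 to 19:00 office hours are constructed assumptions; the logon type numbers are the standard Windows values.

```python
import csv
import io
from datetime import datetime, time

# Constructed sample records (not from the post):
# timestamp, host, account, Windows logon type, source address
SAMPLE = """\
2024-03-05T17:02:11,WS-01,jsmith,2,-
2024-03-06T02:41:37,WS-01,Administrator,10,203.0.113.45
2024-03-06T03:05:02,WS-02,Administrator,10,203.0.113.45
2024-03-06T08:55:40,WS-02,mlee,2,-
2024-03-06T09:10:00,SRV-01,Administrator,2,-
"""

PRIVILEGED = {"administrator", "admin"}   # assumed account names
LOGON_TYPES = {2: "interactive (console)", 3: "network",
               10: "remote interactive (RDP / Terminal Services)"}
OPEN, CLOSE = time(7, 0), time(19, 0)     # assumed office hours


def parse(text):
    """Turn the constructed CSV layout into event dictionaries."""
    for ts, host, account, ltype, source in csv.reader(io.StringIO(text)):
        yield {"when": datetime.fromisoformat(ts), "host": host,
               "account": account, "type": int(ltype), "source": source}


def off_hours_admin_logons(events):
    """Privileged logons that happen while the office is closed."""
    return [e for e in events
            if e["account"].lower() in PRIVILEGED
            and not (OPEN <= e["when"].time() < CLOSE)]


def hosts_by_source(hits):
    """Group hits by origin so one source touching several hosts stands out."""
    grouped = {}
    for e in hits:
        grouped.setdefault(e["source"], set()).add(e["host"])
    return {src: sorted(hosts) for src, hosts in grouped.items()}


if __name__ == "__main__":
    hits = off_hours_admin_logons(parse(SAMPLE))
    for e in hits:
        kind = LOGON_TYPES.get(e["type"], "other")
        print(e["when"], e["host"], e["account"], kind, e["source"])
    print(hosts_by_source(hits))
```

The logon type separates someone at the keyboard (type 2) from a remote desktop session (type 10), which is the distinction the office in the post could not make between a physical break-in and remote access.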