• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3651
  • Last Modified:

Hamachi remote user security concerns

I have Introduced Hamachi to my network, and there are a number of users that are loving it.

However i do have a building concern about its security... Im not worried about intercept traffic the encryption and hanshake is pretty solid from research done. however if i have hamachi running as a server and it joins a network that links it to our internal server how secure is that information.

how much can an attacker that gains physical acces to one of our machiens that has hamachi installed do?

Can he join the network? Gain the network credentials so he can connect from his machine? and in trying to keep the hamachi experience seamless is there anything i can to to prevent some of this.

I know any scrip kid out there can hash the local sam file and do what they want to local users. however what if i remove them entirely? not just disable so only Domain users exist? can the same attack be used? and/or can they get onto the machine and therefore have access to the hamachi network?

also if they were to just physically load the drive what can they learn abiout my hamachi network? can they get my "network/password"?

Any discussion on this is really appreciated.

As this level of physical security is not discussed much so far form my reading.

the best i get is from a Security now interview with Steve gibson
http://www.grc.com/sn/SN-018.htm

but they dont talk to much about this exact scenario, except to reasure me that the keys to my kingdom are not readily available. but they are there in a form.

I have a topic running on the hamachi forums as well as here.
http://community.logmein.com/logmein/board/message?board.id=19&thread.id=15
0
Stephen-TheMIM
Asked:
Stephen-TheMIM
  • 6
  • 4
1 Solution
 
Ron MalmsteadInformation Services ManagerCommented:
Hamachi is just like any vpn, in the sense that,...all the machines joined act as if they are on the same network.

The network security of those connected machines, is the same security that would apply if they were actually physically inside your building.

Now if you have another domain or network for which these users are not supposed to have access,...then you should avoid putting hamachi on any machines in the other network.  Hamachi will not route to other networks that are simply connected to your lan...it will only have access to machines on the same hamachi network.

So my advice would be to evaluate which machines/servers they should have access to, and only put hamachi on those machines/servers.   If you need the servers to have hamachi for whatever reason,...you can always create a seperate "hamachi network", for your own administrative purposes.
0
 
Ron MalmsteadInformation Services ManagerCommented:
>......another thing,...if they have a username/password on your active directory network, and you have hamachi running on a domain controller,..then they would have permission to join your domain over hamachi.
0
 
Stephen-TheMIMAuthor Commented:
This is all as expected, the purpose is to bring them inside to the AD so they have remote acces to digital assets from their remote location.

I am more concerned if the laptop that was joined  to the domain in the fashion were stolen or lost for example. and what i can do to prevent something from happeneing in that respect.

Part of this is is also what can be done to secure them from this event if anything?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Ron MalmsteadInformation Services ManagerCommented:
If a laptop were stolen, for example....the first thing you would do is "EVICT" the machine from the hamachi network, or simply block them.  

https://secure.logmein.com/products/hamachi/advantages.asp
0
 
Stephen-TheMIMAuthor Commented:
so in essence the laptop if stole and fully unsecure then?
0
 
Ron MalmsteadInformation Services ManagerCommented:
If a laptop is stolen...the laptop itself is totally unsecure....anyone with minor technical skills would know how to reset the local admin password to gain access to the machine....  However, if you are aware of the theft, you can mitigate your risk by 1) evicting the machine from the hamachi network, 2) deleting the computer account from active directory, 3) change passwords for hamachi and the user who's laptop was stolen.

0
 
Stephen-TheMIMAuthor Commented:
if i remove all local accounts and/or drop them down to non admin access, would this help?

also AD accoutns are cached but more secure?
0
 
Ron MalmsteadInformation Services ManagerCommented:
It wouldn't make a difference....

If someone has physical access to the machine, they can easily break into the machine...however, gaining access to your network is another story...  that access is controlled by your active directory user accounts / permissions...

The same scenario would apply whether you have hamachi installed or not....  if the laptop is stolen, then you would want to make sure the machine is deleted from AD, and the user who used that machine get's a password reset.

A cached logon would make no difference, once a password is reset.

There are also other options for tracking, recovering, or securing machines that are used "remotely", such is the case with most laptops.

1) encryption....
Encrypt the hard drive....then it would be impossible for someone to "hack it" without knowing the administrative password.  PGP, or windows EFS.
2) tracking software - here's on of many services out there... http://www.absolute.com/solutions-theft-recovery.asp
Dell has a service for this also..
here's another....
http://www.lojackforlaptops.com/
0
 
Stephen-TheMIMAuthor Commented:
given the loose nature of the question the information helped me get a good undedrstanding of what can happen.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now