[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1378
  • Last Modified:



I am evaluating Logmein as a remote access solution for my corporate environment at the moment. A network consultant (trying to sell me another product) said that I should stay well away from it as its unsecured "Man in the middle". Security is very important to us.

I have read the white paper and it looks secure, going to use it with RSA dual factor authentication, and I have searched the Internet and cant find anything negative.

I like the solution because of what it offers but I dont want to look an idiot in front of my boss if I recommend something that is a security risk.

Can someone here give me an unbiased opinion? How secure is it?

  • 2
1 Solution

In my experiences with the product, it is very secure. The protection offered from preventing malicious access to your LogMeIn account is excellent and I could not see an intruder infiltrating their system easily.

However, the problem comes in terms of whether LogMeIn themselves can be trusted. In a properly configured environment, I would not use LogMeIn since it means deploying something beyond your control. Instead, a local TS Gateway server, with an encrypted SSL session between that and the client workstation is my preferred approach, for offering much better security.

Your best bet in terms of using a free remote app is to use CrossLoop.  Easy to setup, plus it confirms the man in the middle and other security worries are not an issue as it requires for the initial connection a code must be supplied by the other side for a successful connection.  Its a great product, and since I had used logmein previously, in my opinion it was superior to logmein.
You could have a look at http://www.experts-exchange.com/Security/Vulnerabilities/Q_23123193.html

The main security vulnerability with something like logmein stems not from the level of encryption, but from the fact that you are trusting a 3rd party to handle your security.  That combined with web-based login means that there is some visibility on the public internet - compromised passwords would leave you wide open.

I generally prefer certificate based authentication that is managed in house.  A solution such as OpenVPN gives you the advantage of certificate based authentication, with high encryption levels, but it is all managed in house.
If you use a Cisco pix firewall for your enviroment, the way around all the security issues is to use the Cisco VPN option and that will secure the connection, etc...

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now