Saw a post recent on Download.com about LogMeIn, a web-based remote access utility that the author claims “makes an excellent case for ditching the VPN entirely.”
Truly, LogMeIn is not really a VPN… it’s a (fancy) remote desktop by the looks of it. It’d never fly with customers who require security, as it requires a third party to be involved. A convenience solution surely; but not “network” connectivity.
If you have a SSL VPN Gateway (with remote desktop component, or screen-scraping possibilities like AEP has [translating the remote desktop app. to a browser capable app. – very neat technology) you can do the same thing without the middleman! You basically can do the same with Remote Desktop directly if you know how to configure your router correctly to do so. We wouldn’t like to use a solution like this, as one is entrusting others with access to our machine ‘at home’ or wherever. It’s an ‘oursourced’ screenscraping solution by the looks of it.
“Essentially, I was using my work computer through a secure, encrypted connection, but without any of the obnoxious failures and hassles that come with running a VPN that affects my entire system,” writes Seth.
This argument is weak. But from an administrator’s standpoint, or security officer’s standpoint this would NOT be a good idea, as the “hassles” referred to there are security policies!
You even see it’s being used to circumvent security policies as one of the responses says: “I’ve been using LogMeIn for a year or so now. I’m a student at a high school with a lot of blocked proxies, so I connect to my computer at home through log me in and surf away.”
Convenient? Certainly. But not a viable alternative to a VPN.
[...] By vpnhaus 0 Comments Categories: Posts A while back we wrote a post about LogMeIn—a web-based remote access utility, which has been claimed to be sufficient enough to replace VPN [...]
Thanks for this. Any specifics as to why we should not use this over VPN? It is my understanding that on a corporate network you need to first have local admin rights to install logmein. Once installed, when connecting remotely, the user would need to authenticate to the network when connected to the computer. And if the computer is locked they would need to unlock it.
Also all traffic is captured using the internal proxy and firewalls. So what I am getting at here is, why is this not secure? Is it because its using a 3rd party as a middle man (logmein)?
Thanks I am just trying to understand the specifics.
I really liked your work, VPN Haus
Someone sitting in America, Canada or United Kingdon can not realize what it mean to use internet without all the blessings like facebook, twitter, flicker, and youtube e.t.c. But it was mty fate, till I discovered this amazing VPN service called Astrill. Now I can Bypass all international IP restrictions and finaly I feels like a frree man.
I advise all my chinse friends to use Astrill, the best use of your 19$, for 90 days of clearity.
http://www.astrill.com/
One thing to keep in mind with VPN, a VPN connection exposes the corporate network to the remote network. So all the of the security weaknesses or malicious software on the remote/home network is invited into the corporate network. With remote control tools like LogMeIn (or brokered RDP), it is a mostly one way transaction. While file transferring options are available – these features are sandboxed into the software itself and likely tested for security risks.
One you have a virtual LAN cable out of the corporate network, the possible ways that the corporate network could be compromised grow exponentially.
While many of you might be great network admins at home, most corporate users (and most of the top level people who get to use remote access) have very insecure networks at home and value convenience over security.
While this like many areas of IT can be debated, an audited, controllable solution like LogMeIn has more check points that can be easily reviewed than a VPN solution. So in some ways is more secure. This is similar to the SaaS vs. in-house Apps debate.
Thanks for your comment, Larry – we really appreciate your perspective.There are a few things that we think should be taken into consideration when using applications, like LogMeIn. First of all, these applications have the same security issues as SSL VPN. Secondly, the applications run inside a Web browser, so all the security vulnerabilities of that Web browser can potentially impact the security of the connection. Unfortunately, this is often overlooked or forgotten. Plus, users can access the remote server from any third party computer or terminal, which then could be used by non-privileged users if the session is not terminated properly. A particular concern in the case of LogMeIn, is that all communication is transacted via a third party LogMeIn Gateway system. As we know, with SSL it is surprisingly easy to hijack sessions and intercept and decrypt SSL traffic.
A common myth about Layer 3 VPNs is that they are exposing the corporate network in an uncontrolled way. However, this isn’t the case if this is implemented correctly, as for example with the NCP Secure Enterprise VPN solution* that combines the IPsec tunnel with a managed client device firewall and managed endpoint protection component that ensures proper security control on the edge of the network. As NCP demonstrates, there are secure and robust VPN solutions available that surpass the security and functionality of SSL VPN solutions, such as LogMeIn.
Thanks again for your comment, Larry. We’re looking forward to hearing from you again.
*NCP engineering manages this blog.