Worms like MSBlaster or Slammer were poorly written. Both MSBlaster and Slammer infected a great number of computers, and generated such an excessive amount of network traffic - with the help of the exponentially growing number of infected hosts - that users could perceive a slowdown in Internet access even on uncompromised networks. Nothing demonstrates this better than the rapid spread of the Microsoft SQL Server worms in 2003.
#Remotelyanywhere vs logmein pro install#
If the users themselves are responsible for infecting their computers with Trojans, how can you trust them to properly secure their systems against direct attacks? Even competent network administrators can slip up and forget to install a patch or two, which, in the worst-case scenario, can allow attackers to run arbitrary code on the affected systems. They spread so quickly because users are surprisingly willing to violate fundamental rules when handling untrusted content. Email viruses, of course, are email attachments that are better classified as Trojan horses. The extremely quick penetration of so-called email viruses illustrates the lack of security-consciousness and the gullible nature of most Internet users. The greatest weakness is, however, the user himself. Most of these computers are operated by home users and have gaping security holes such as unpatched vulnerabilities and a lack of proper passwords. Remote Access Axioms Everything is a Target With the penetration of broadband Internet connections, more and more computers are online 24/7. Security and attack mitigation Authentication and authorization of users to the target resource Authentication of the target resource to users Data confidentiality Authentication and authorization of users within the target resource The following security design objectives, listed in order of priority, guided the decision-making process: During the development of the software, security considerations always prevailed. RemotelyAnywhere was designed to allow secure remote access to critical resources over an untrusted network. It is possible to create direct connections to the host, or connecting via the “gateway”. The optional “gateway” is the RemotelyAnywhere SSH service that mediates traffic between the client and the host.
#Remotelyanywhere vs logmein pro software#
The “host” or the “server” is the computer being accessed, or the RemotelyAnywhere host software on this computer. The “client” or the “user” is the person or software accessing a remote resource. In the RemotelyAnywhere architecture, there are two or three entities that take part in every remote access session. Reading this paper can help the reader perform the necessary threat analysis before deploying our product. This document is technical in nature and is aimed at network engineers or network designers. By publishing the details on how the security mechanisms work and interoperate in our products, we are also inviting the public to scrutinize our efforts.
We at LogMeIn do not believe in security through obscurity, nor do we expect our customers to blindly accept our claims to important security features, such as end-to-end encryption.
This paper provides a look at the security features of LogMeIn’s RemotelyAnywhere. Márton Anka, Chief Technical Officer, LogMeIn, Inc. 9 Authentication and Authorization of Users Within the Target. 8 Authentication and Authorization of Users to the Target. 6 Authentication of the Target Resource to Users. RemotelyAnywhere Security Overview Contents
0 kommentar(er)
