and as in the case of PCI and other compliance certifications, you might have to prove that any 'connected' partner also passes compliance testing
Erik Goldoff
IT Consultant
Systems, Networks, & Security

_____

From: Dallas Burnworth [mailto:[email protected]]
Sent: Tuesday, December 30, 2008 9:35 AM
To: NT System Admin Issues
Subject: RE: LogMeIn

Exactly. I would add to that list

* Free to use, but how much does it cost you if it stops working correctly?
* What will your auditors or the BSA think of the setup? (It would be very interesting to see their recommendation.)
* Does the company actually have a paid and supported version? That is usually an indicator that the "free" version is for personal use only, not business/organizational use.

_____

From: Derek Lidbom [mailto:[email protected]]
Sent: Tuesday, December 30, 2008 6:19 AM
To: NT System Admin Issues
Subject: RE: LogMeIn

* What about the fact that it bypasses (using encrypted traffic even) any protections you have in place to filter/monitor/scan traffic passing through your gateway?
* It introduces a new attack vector (files can get on that computer in ways they couldn't have before).
* You are trusting LogMeIn with credentials that allow access to your internal network. Companies bigger than them get usernames/passwords stolen.
* You have less logging of intrusion attempts (to my knowledge) than if you were going through your own equipment.
* It is another piece of software to keep updated on your clients.
* How do you protect the usernames/passwords users use to access LogMeIn? (Hopefully any VPN solution would have two-factor auth so creds aren't a free path into your network.) I know they have some sort of two-factor integration options, but I don't think it's at the first username/password prompt.
