Educause Security Discussion mailing list archives
Re: Risk regarding remote login services
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Thu, 24 Apr 2008 08:55:06 -0700
Thanks everyone for your input. We've made the decision to block LogMeIn, GoToMyPC, etc, with our IPS as well. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Calvin Krzywiec Sent: Wednesday, April 23, 2008 6:05 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Risk regarding remote login services We've setup an SSH proxy for use by faculty and staff. Most seem to be happy with this. We block LogMeIn, GoToMyPC, etc. via our IPS. -- Cal A. Krzywiec Network Engineer The University of Scranton Phone: (570) 941-6748 Email: krzywiecc2 () scranton edu Basgen, Brian wrote:I'm working on ways to adequately assess the risk ofsolutions likeLogMeIn, GoToMyPC, etc. The main concerns that I have sofar are: (1)traditional end point security issues; (2) source addresses are essentially masked by the service; (3) these solutions are user managed/not IT controlled (no policy enforcement, for example); (4) confidential/sensitive data being sent through a third party in an unmanaged way; (5) the security of the third party becomesaxiomaticto your institution. The last four points, in particular, seem to make these solutions distinct from traditional VPN offerings. I don't want to get into making spacious arguments about why this solution isproblematic, butit seems difficult to latch onto specifics considering such an open field of possible risk. I'm curious to know institutions that allow one of thesesolutions,and how they employ it. I'm also curious to hear from those that prohibit it, and what justifications they use for doing that. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Risk regarding remote login services Basgen, Brian (Apr 21)
- <Possible follow-ups>
- Re: Risk regarding remote login services Koerber, Jeff (Apr 22)
- Re: Risk regarding remote login services Basgen, Brian (Apr 22)
- Re: Risk regarding remote login services Calvin Krzywiec (Apr 23)
- Re: Risk regarding remote login services King, Ronald A. (Apr 23)
- Re: Risk regarding remote login services Gary Flynn (Apr 24)
- Re: Risk regarding remote login services Basgen, Brian (Apr 24)
- Re: Risk regarding remote login services Kevin Hayes (Apr 24)
- Re: Risk regarding remote login services Di Fabio, Andrea (Apr 24)