Re: hamachi zero-configuration vpn security???

["Stephen W. Bradley" <bradlesw () MUOHIO EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I use Hamachi everyday to connect to my home systems while at work and have
used it ever since listening to the Security Now Podcast.  I know other
people whom I respect that use it in production everyday.

I performed an initial startup to shutdown analysis of the traffic in my lab
and it does what they say it does.  The systems don't communicate with the
central server that performs the initial connection to transfer data after
they connect to each other.

It does work across firewalls.

The downside is that the initial connection is made to a central server so
if you are paranoid that could cause you some grief and since they were
recently purchased the continuation of the freeware version is in doubt.

Steve













- -----Original Message-----
From: Vuong Phung [mailto:vphung () SCIENCE SJSU EDU]
Sent: Wednesday, October 18, 2006 11:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] hamachi zero-configuration vpn security???

Hi everyone,

I wonder if anyone has taken advantage of this software and use it in their
production environment. Any pro and con??? Is it really secure as they
(hamachi website and Steve Gibson) said? I am not a security expert, so I
would like to have your input. I have the following questions:

1. Is it really secure as they said? Because from my testing, all you need
is a password, so I guess this whole VPN network is as secure as the
password that I created when setup hamachi client. And this concern me
because end users tend to use weak password.

2. OK let's say it's secure. How can you detect and control these VPN
networks because from what hamachi website mentions "Believe it or not, but
we are able to successfully mediate p2p connections in roughly 95% of all
cases we have dealt with so far. This includes peers residing behind various
firewalls or broadband routers (aka NAT devices). It is high-tech and it is
really cool :)" http://www.hamachi.cc/howitworks/

Thanks!


http://www.hamachi.cc/security/
http://www.grc.com/securitynow.htm
"Hamachi" Rocks!

This week Leo and I discuss and describe the brand new, ready to emerge from
a its long development beta phase, ultra-secure, lightweight,
high-performance, highly-polished, multi-platform, peer-to-peer and FREE!
personal virtual private networking system known as "Hamachi". After two
solid weeks of testing and intense dialog with Hamachi's lead developer and
designer, I have fully vetted the system's security architecture and have it
running on many of my systems. While I am travelling to Toronto this week,
Hamachi is keeping my roaming laptop securely and directly connected to all
of my machines back home. Don't miss this one!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vuong Phung
Operating Systems Administrator
College of Science - Dean's Office

San Jose State University
One Washington Square
San Jose, CA 95192-0099
Duncan Hall 33

Tel 1.408.924.5056
Fax 1.408.924.5033
Web https://ncs.science.sjsu.edu/helpdesk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFFNmn4iCwky0/CC34RAqj0AJ48AJU5JBT1DET6aJDkgVkKjWeuxQCcDsOG
mVb3BkTsvTF5+4tAx4y7M9A=
=J0qb
-----END PGP SIGNATURE-----