Re: Risk regarding remote login services

[Calvin Krzywiec <krzywiecc2 () SCRANTON EDU>]

We've setup an SSH proxy for use by faculty and staff. Most seem to be
happy with this. We block LogMeIn, GoToMyPC, etc. via our IPS.

--
Cal A. Krzywiec
Network Engineer
The University of Scranton
Phone: (570) 941-6748
Email: krzywiecc2 () scranton edu



Basgen, Brian wrote:
>  I'm working on ways to adequately assess the risk of solutions like
> LogMeIn, GoToMyPC, etc. The main concerns that I have so far are: (1)
> traditional end point security issues; (2) source addresses are
> essentially masked by the service; (3) these solutions are user
> managed/not IT controlled (no policy enforcement, for example); (4)
> confidential/sensitive data being sent through a third party in an
> unmanaged way; (5) the security of the third party becomes axiomatic to
> your institution.
>
>  The last four points, in particular, seem to make these solutions
> distinct from traditional VPN offerings.  I don't want to get into
> making spacious arguments about why this solution is problematic, but it
> seems difficult to latch onto specifics considering such an open field
> of possible risk.
>
>  I'm curious to know institutions that allow one of these solutions, and
> how they employ it. I'm also curious to hear from those that prohibit
> it, and what justifications they use for doing that.
>
> ~~~~~~~~~~~~~~~~~~
> Brian Basgen
> Information Security
> Pima Community College