Re: Remote Desktop Security

[Kish Pent <kish_pent () yahoo com>]

Hi Nate,

The point of having compliance as I understand is to "be marketable" to your customers (from their perspective) ... 
most people than not who've passed compliance will fail a thorough pen-test, hands down ;)

We all know that compliance is crap to begin with, but that's the sad reality.

Cheers :)
Kish

--
Kishore Parthasarathy, 
Penetration Tester, Smart Security,
17/1,Upstairs, Sarojini St,T.Nagar, 
Chennai - 600 017

Phone: 91 98841 80767


--- On Sun, 8/31/08, Nate McFeters <nate.mcfeters () gmail com> wrote:

> From: Nate McFeters <nate.mcfeters () gmail com>
> Subject: Re: Remote Desktop Security
> To: kish_pent () yahoo com
> Cc: webappsec () securityfocus com, "jaredmalthus" <jared.malthus () gmail com>
> Date: Sunday, August 31, 2008, 5:50 PM
> Hard to believe someone would PCI certify LogMeIn.  Makes me
> lose my faith
> in PCI... oh wait, I never had any faith in it to begin
> with.
>
> -Nate
>
> On Sun, Aug 31, 2008 at 5:45 AM, Kish Pent
> <kish_pent () yahoo com> wrote:
>
> > Try RSASecurID or Phonefactor's two factor
> authentication scheme.
> > Overview of what is available in LogMeIn Pro version
> can be found here,
> > https://secure.logmein.com/security.asp
> >
> > Documentation of security features for LogMeIn can be
> found here...
> >
> https://secure.logmein.com/documentation/Security/wp_lmi_security.pdf
> > Cheers :)
> > Kish
> >
> >
> > --
> > Kishore Parthasarathy,
> > Penetration Tester, Smart Security,
> > 17/1,Upstairs, Sarojini St,T.Nagar,
> > Chennai - 600 017
> >
> > Phone: 91 98841 80767
> >
> > --- On Sat, 8/30/08, jaredmalthus
> <jared.malthus () gmail com> wrote:
> > > From: jaredmalthus
> <jared.malthus () gmail com>
> > > Subject: Remote Desktop Security
> > > To: webappsec () securityfocus com
> > > Date: Saturday, August 30, 2008, 6:47 PM
> >  > I need to be PCI compliant using a remote access
> program
> > > called LogMeIn.
> > > Does anyone have any suggestions on two-factor
> > > authentication solutions that
> > > work with LogMeIn?
> > > --
> > > View this message in context:
> http://www.nabble.com/Remote-Desktop-Security-tp19238126p19238126.html
> > > Sent from the Web App Security mailing list
> archive at
> > > Nabble.com.
> -------------------------------------------------------------------------
> > > Sponsored by: Watchfire
> > > Methodologies & Tools for Web Application
> Security
> > > Assessment
> > > With the rapid rise in the number and types of
> security
> > > threats, web application security assessments
> should be
> > > considered a crucial phase in the development of
> any web
> > > application. What methodology should be followed?
> What tools
> > > can accelerate the assessment process? Download
> this
> > > Whitepaper today!
> https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
> > >
> -------------------------------------------------------------------------
> >
> -------------------------------------------------------------------------
> > Sponsored by: Watchfire
> > Methodologies & Tools for Web Application Security
> Assessment
> > With the rapid rise in the number and types of
> security threats, web
> > application security assessments should be considered
> a crucial phase in the
> > development of any web application. What methodology
> should be followed?
> > What tools can accelerate the assessment process?
> Download this Whitepaper
> > today!
> https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
> >
> -------------------------------------------------------------------------
> >


      

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------