Remote Desktop Security

I need to be PCI compliant using a remote access program called LogMeIn. Does anyone have any suggestions on two-factor authentication solutions that work with LogMeIn?

Re: Remote Desktop Security

If you are willing to switch to WiSSH you could. But I don't know of any 2x for LogMeIn.

Erik

On Aug 30, 2008, at 7:54 PM, "jaredmalthus" <jared.malthus@...> wrote:

> I need to be PCI compliant using a remote access program called LogMeIn.
> Does anyone have any suggestions on two-factor authentication solutions that
> work with LogMeIn?
> --
> View this message in context: http://www.nabble.com/Remote-Desktop-Security-tp19238126p19238126.html
> Sent from the Web App Security mailing list archive at Nabble.com.

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Re: Remote Desktop Security

Try RSASecurID or Phonefactor's two factor authentication scheme.

Overview of what is available in LogMeIn Pro version can be found here,

https://secure.logmein.com/security.asp

Documentation of security features for LogMeIn can be found here...

https://secure.logmein.com/documentation/Security/wp_lmi_security.pdf

Cheers :)
Kish

--
Kishore Parthasarathy,
Penetration Tester, Smart Security,
17/1,Upstairs, Sarojini St,T.Nagar,
Chennai - 600 017

Phone: 91 98841 80767

--- On Sat, 8/30/08, jaredmalthus <jared.malthus@...> wrote:

> From: jaredmalthus <jared.malthus@...>
> Subject: Remote Desktop Security
> To: webappsec@...
> Date: Saturday, August 30, 2008, 6:47 PM
> I need to be PCI compliant using a remote access program called LogMeIn.
> Does anyone have any suggestions on two-factor authentication solutions that
> work with LogMeIn?

Re: Remote Desktop Security

I have tried Phonefactor for LMI and it works great. Phonefactor seamlessly integrates with LMI and is very easy/convenient to use.

RE: Remote Desktop Security - Compliance VS Pen-Test

(I don't want to branch out this conversation)

Don't you believe that compliance and Pen-Test are 2 different domains?

Let me explain what I think, compliance is for marketability but it also ensures that a client is doing at least the MINIMUM. The goal is always to aim for at least the minimum. But it is minimum at everything, and this is important (everything important..)

Pen-Test will do maximum damage with minimal effort I know. It will probably succeed, but Pen-Test is covered in a compliance check as of SOX and COBIT.

A Pen-Test is aiming at proving security can still improve and should be used as such because we all know that most if not every network can be penetrated. It should be a means with which you can prove to management that you still need some funding.

I'd like to point to the quote I use in my emails: "Everything that can fail, will fail. If something can't fail, it will fail anyway" - Murphy

Thanks

Philippe Rivest, CEH, Network+, Server+, A+
Internal Information Security Auditor
Email: Privest@...
Phone: (514) 331-4417
www.transforce.ca

You could print this email, but it does take a long time to grow trees.

"Everything that can fail, will fail. If something can't fail, it will fail anyway" - Murphy

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On behalf of Kish Pent
Sent: September 2, 2008 03:14
To: Nate McFeters
Cc: webappsec@...; jaredmalthus
Subject: Re: Remote Desktop Security

Hi Nate,

The point of having compliance as I understand is to "be marketable" to your customers (from their perspective) ... most people than not who've passed compliance will fail a thorough pen-test, hands down ;)

We all know that compliance is crap to begin with, but that's the sad reality.

Cheers :)
Kish

--
Kishore Parthasarathy,
Penetration Tester, Smart Security,
17/1,Upstairs, Sarojini St,T.Nagar,
Chennai - 600 017

Phone: 91 98841 80767

--- On Sun, 8/31/08, Nate McFeters <nate.mcfeters@...> wrote:

> From: Nate McFeters <nate.mcfeters@...>
> Subject: Re: Remote Desktop Security
> To: kish_pent@...
> Cc: webappsec@..., "jaredmalthus" <jared.malthus@...>
> Date: Sunday, August 31, 2008, 5:50 PM
> Hard to believe someone would PCI certify LogMeIn. Makes me lose my faith
> in PCI... oh wait, I never had any faith in it to begin with.
>
> -Nate

RE: Remote Desktop Security - Compliance VS Pen-Test

> (I don't want to branch out this conversation)
> Don't you believe that compliance and Pen-Test are 2 different domains?

No. :)

Compliance is what it says on the tin; it is the process of verifying that your organisation is complying with the standards etc that it is obliged to, by law, or governing bodies, etc blah blah blah.

Penetration testing (technical assessment) may be one of the ways that you establish whether you comply or not.

Martin...

Re: Remote Desktop Security - Compliance VS Pen-Test

Hi,

> Compliance is what it says on the tin; it is the process of verifying
> that your organisation is complying with the standards etc that it is
> obliged to, by law, or governing bodies, etc blah blah blah.
>
> Penetration testing (technical assessment) may be one of the ways that
> you establish whether you comply or not.

I think of them as two different styles of testing. Say you're looking at a firewall. In a compliance test you'd review a configuration dump. In a pen test you'd run port scans against it and try exploits.

In general, compliance testing is easier to do and quicker, but you are assuming the underlying implementation is secure, that it correctly follows your configuration. I think they're reasonable assumptions in practice, particularly for firewalls.

Pen testing will also identify configuration not being followed correctly, and it provides some assurance of the security of the implementation. But there's a lot pen testing will miss - back doors being a good example.

If you want the best possible testing, get both done. It'd be interesting to get different people to do each bit and compare the results.

Paul

Re: Remote Desktop Security

Thanks Kish,

I downloaded PhoneFactor for LogMeIn and "Wow" it is really slick. Just having my phone ring was "scary". I wish my bank account was set up on it every time I log in. It really makes perfect sense to use your phone as an authentication device now that you can port numbers if you change phone companies.

Thanks again
Jared

Re: Remote Desktop Security

This is an interesting discussion and points out to me that you really are serving many masters when you profess security and authentication. Good thing about this PhoneFactor solution is that if someone else tries to access the user's account, user gets an immediate phone call. If the user wasn't authenticating, he knows someone else is trying. Granted, this could simply lead to calls to care, but it does drive some (perhaps subjective?) feeling of participation, control and influence among customers.

Re: Remote Desktop Security

I think another benefit of the PhoneFactor solution is the primary value the user places in his or her cell phone. This greater value, when compared to another more common 2-factor authentication solution of security tokens, means fewer lost authentication devices and fewer headaches for IT departments. The feeling of participation and control mentioned are enhanced by the nature of cellular phones, which already create these feelings within users.

Re: Remote Desktop Security

So I guess the short answer is, if you want a quick easy PCI compliant 2-factor authentication for LogMeIn, PhoneFactor might be a solution for you. www.phonefactor.com/solutions/logmein.

Re: Remote Desktop Security

Yes! One thought I had, I guess the best way to hack this solution is to change the phone number that is called. Making sure that facility is secure seems to be very important in making this solution secure.