Jump to content

Log Me In Monitoring


Recommended Posts

Is it possible to monitor any LogMeIn connection on a corporate network? We suspect someone is using it, we don't want to block the site yet but monitor to see if it is being used on the work station we think.

Link to comment
Share on other sites

LogMeIn (from what I understand) always uses encryption (what type of encryption I am not aware). Monitoring it may be difficult. The best you can probably do without much difficulty is look for a LogMeIn connection and know which computer it's going to/from.

Link to comment
Share on other sites

  • 2 weeks later...

How about using a Wireshark filter "host logmein.com" and just look for a connection and a destination IP. The packets would be encrypted, but it should still come from logmein.com I guess?

Link to comment
Share on other sites

Something you can consider once you figure out who it is.

https://logmeinsupport.com/kblive/crm/selfservice/displaywh.jsp?DocId=2538

How do I block LogMeIn so my employees can't use it?

If you would like to prevent your employees from installing LogMeIn on their work computer, you should block secure.logmein.com on your firewall(s).

If you are on a Windows Domain, you may also install our Group Policy Object, which will allow you to limit access throughout your entire domain, without the need for firewall rules. Please see the link below for more information regarding our Group Policy Object.

How do I install the LogMeIn Active Directory Group Policy template (logmein.adm)?

Chris

Link to comment
Share on other sites

  • 1 month later...

Would it be possible for a DPI (deep packet inspection) to look into an encrypted traffic?

Link to comment
Share on other sites

  • 3 weeks later...

joeypesci - DPI in this case can allow an "authorized" MItM to inspect some encrypted elements. What happens, the DPI piece acts as a proxy between you and a far end SSL site. It exchanges certs with the far end site, then exchanges a different set of certs with the client, which are trusted. Therefore it splits the SSL stream into 2 distinct sessions, one between server and DPI and one between DPI and client. Decrypts server stream, inspects, then encrypts to client.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...