Securing Your Account
Enable settings that help prevent unauthorized access to your account.
A well-configured remote access solution increases productivity with no adverse impact on network security.
Here's what to do to secure your LogMeIn remote access implementation:
- Ensure that the process of logging in to the LogMeIn website or apps is as secure as possible
- Manage LogMeIn users in a secure way
- Manage and access your LogMeIn host computers with an eye on extra security
- Help your users secure their workstations
- Defend against attack from scammers, malware, and keyloggers
- Protect your POS terminals and sensitive data
Overview of LogMeIn Security Architecture
Before looking at the specific actions you can take to secure your implementation of LogMeIn, you should understand the basics of LogMeIn's security architecture. There are three key components to any LogMeIn remote access session:
Any device you use to access a computer in your LogMeIn account is called a client. The client is "welcomed" by the host. The client can be a PC or Mac, or a phone or tablet running Android or iOS:
- From a PC or Mac, log in to LogMeIn.com or use the LogMeIn Client desktop app
- From iPhone, iPad, or iPod touch, use the LogMeIn app
- From an Android device, use the LogMeIn app
- The host is the computer to which you are connecting. Some call it the remote computer since it is the computer you are "remote controlling." Each computer you want to access must be running the LogMeIn host software. In a sense, the LogMeIn host software safely and securely "opens the door" to a computer for a qualified remote user.
- The LogMeIn gateway refers to sets of servers in our secure datacenters. With LogMeIn, instead of establishing a direct link between the client and the host, the LogMeIn gateway brokers this connection.
When you connect to a host computer from a client (that is, when you connect to a remote computer from a computer or mobile device), you must first log in to your LogMeIn account. You are then presented a list of your computers that are running the LogMeIn host software (these are computers to which you can connect). In order to actually connect and control a computer, you must enter a valid password for that computer.
Users must be authenticated by both the gateway and host computers. An email address and password verification is performed whenever a user logs on to the website or via the app. Users are advised to enable one or more extra security features to strengthen this authentication step.
What are self-signed certificates used for?
A part of the security measures, protecting the connection between your computers, are certificates. Typically, a connection between a client computer - the one that you are sitting at - and a remote host computer - the one that you want to access - involves three parties:
- The gateway acts as a relay between the client and the host. It has a signed certificate, issued by a trusted organization, like VeriSign. Due to the signed certificate, whenever the gateway sends information, both the client and the host can trust that it comes from a reliable source; from the real gateway. As soon as the client (or the host) verifies the validity of the gateway's certificate, they start using an encryption key for encrypting and decrypting messages. Basically, the gateway's role is to set up a secure communication channel between the client and the host through the gateway.
Self-signed certificates are used in the following cases:
- Encrypt host credentials with the host's public key and save it on the client or in the browser for automatic login to the host and running One2Many tasks (available in LogMeIn Central only).
Since encrypted with the host's public key, only the host can decrypt credentials with its own private key. For more information on public and private keys, see https://en.wikipedia.org/wiki/Public-key_cryptography.
- For setting up a connection between the host and the "native client" for Remote Control and File Manager sessions. In this case, the client receives the host's self-signed certificate over a secure channel, making it possible to trust the host even though the certificate is only self-signed.