LogMeIn and IPSec

VPNs: a Comparison
Author
Sean Jordan and Anthony Jackson are the primary authors of
this paper. 3am Labs have developed the technology used by
LogMeIn.

Abstract
This paper provides a comparison of how LogMeIn and IPSec
VPNs provide corporate LAN access to remote workers.
LogMeIn is a web-based remote access solution based on
technology pioneered in 3am Labs’ enterprise product,
RemotelyAnywhere. Its primary role is to allow end users to
access their home or office computers from a remote location
over the internet in a simple and secure manner.

white papers
LogMeIn vs. IPSec VPNs White Paper

Introduction
Who has remote access to your company’s IT system? If you think you know the answer,
think again. In today’s fast-changing mobile workplace, an IT administrator’s control
over a company’s IT system is not always assured, and is often hampered by the needs of
employees to access company network resources—including email, databases, and
mission-critical software—24 hours a day, 7 days a week. To stay efficient and
competitive, employees also often need access to such resources while at home or on the
road.

How do you ensure that employees have the remote access they need, while maintaining
the security protocols (firewalls, etc.) that keep intruders from gaining entry into your
company’s IT system?

IPSec Virtual Private Networks (IPSec VPNs) are not the answer. While they are
indispensable in what they are designed for, namely the linking of corporate networks,
and work seamlessly once set up, IPSec VPNs are cumbersome to configure and
expensive to maintain. In addition, there is a huge security risk in moving the corporate
security perimeter out to laptops, home offices, and customer sites.

LogMeIn is the simple, secure way to provide your company’s employees with remote
access to your company’s network resources without compromising network security.

© 2006 LogMeIn, Inc. All Rights Reserved.

-2-
LogMeIn vs. IPSec VPNs White Paper

Summary of LogMeIn vs. VPNs

LogMeIn IPSec VPNs

Software Requirements No client software needed. Requires client-side

software installation.

Configuration Automatic. Configuration required

on client.

Firewalls No change necessary. Special configuration of

firewalls necessary.

Encryption Industry standard 128- to Hardware and software

256-bit encryption. needed to meet
encryption requirements.

Capacity With applications running Fast-performing

on the LAN and only screen applications usually
images transmitted, accessed via the LAN can
performance is optimized. be are dramatically
slowed over VPNs.

Authentication Users are authenticated at May authenticate the

diverse endpoints. Security computer requesting the
passwords also augment connection rather then
protection. the user. Less secure.

Client Management No software installation Difficult and costly to

needed on the client – just a install and maintain
Web browser is required – applications on the
so TCO is reduced. remote system.

Security Integrates with existing Gives external computer

security and does not direct access to corporate
impact security of corporate LAN rights, which creates
LAN. potential security risks.

Network Not a network, but rather a Can be used to connect

secure tunnel to a particular offices.
computer.

VPNs have long been the standard tool used to provide mobile workers with remote
access to their companies’ network resources. A VPN ensures network security by
encrypting all data transfers between predetermined endpoints, even when such data is
channeled through a public network. While VPNs represent a viable option for remote
access, their inflexible setup requirements, which include the necessity of restricting
encrypted traffic to designated IP addresses, poses some problems.

LogMeIn is the secure and simple way to provide employees with quick remote access to
corporate network resources. With LogMeIn, no client-side software is needed, and all
data transferred is secured by 128- to 256-bit encryption.

© 2006 LogMeIn, Inc. All Rights Reserved.

-3-
LogMeIn vs. IPSec VPNs White Paper

Two Technologies: a Detailed Look

Software Requirements
Accessing a computer running LogMeIn requires only a web browser on the remote
end. No extra software needs to be installed; once the LogMeIn service is installed on the
host machine, that computer can be accessed from any internet-connected computer.
Via an internet café, a hotel business centre, or a colleague’s laptop, LogMeIn makes it
possible to access and control a computer in the corporate network within seconds.
VPNs, on the other hand, operate with special client software that must be installed on
all remote computers that connect to the corporate network. For effective remote access
via a VPN, it is nearly essential that travelers bring their computers with them –
computers over which the IS department has no control, and which may get stolen –
which may compromise the security of the corporate network.

One corollary of the foregoing is that LogMeIn users working remotely require a
computer that they may access at work. In many cases, however, it is more cost-effective
to provide remote users with this access, rather than set up a VPN.

Configuration
Every installation of VPN client software requires special configuration. LogMeIn,
meanwhile, auto-configures; with web-based administration and no firewall or router
concerns, all that’s required is installation of the software on host machines. Users need
only remember their email address and passwords, and keep track of any extra optional
security options they implement with their installation.

Firewalls
LogMeIn establishes a connection with the client computer via an outgoing SSL-secured
TCP connection, meaning that no firewall configuration is required. VPNs, on the other
hand, require the activation of port forwarding on the corporate network firewall or
router.

Capacity
LogMeIn transmits the image of the host screen to the remote computer – meaning
applications run as per normal, with no loss of performance on within the corporate
LAN. While using a VPN, the software on the remote computer is tightly integrated with
the network via a much slower connection. This can lead to a severe hit on the software’s
performance if the application needs to work with larger amounts of data.

Authentication & Security

With LogMeIn, varying authentication requirements can be applied to any user or group
of users. At the very least, the user must authenticate his LogMeIn session with his
email address and LogMeIn password. An incorrect attempt here forces the user to also
enter a multi-digit security code displayed as a bitmap on the screen; this protects against
brute-force password-guessing malware, as does LogMeIn’s automatic blocking of the
offending computer’s IP after five incorrect guesses. Furthermore, LogMeIn can be
configured to then implement a security layer demanding either a preordained one-time
password, or an emailed one-time password. LogMeIn then integrates with Windows’
native authentication by prompting the user for their Windows username and password.
Finally, LogMeIn can be configured to utilize an existing RSA SecurID authentication
server on the corporate network.

© 2006 LogMeIn, Inc. All Rights Reserved.

-4-
LogMeIn vs. IPSec VPNs White Paper

A variety of authentication methods, meanwhile, are available with different VPNs.

Some can authenticate automatically based on the identity of, say, a laptop machine,
thus giving a remote computer, and not a person, access to a LAN. For obvious reasons
this can become a very critical security threat. LogMeIn’s security and authentication
components are, by default, far and away less vulnerable to foul play than VPNs

Client & Host Management

LogMeIn obeys Windows user rights and group policies. In essence, then, the software
provides a window onto Windows, dovetailing smoothly with existing security and user
rights structures. It is at once a turnkey remote access solution that requires no client
management; the fully-featured client is nothing more than any Web browser. Client
management with VPNs, meanwhile, is often the most problematic aspect of using that
system. Remote computers require the same software to be installed on them as can be
found on the corporate LAN

For host management, LogMeIn offers a network solution called the LogMeIn Scout.
This allows for easy deployment of LogMeIn hosts across a network, as well as automatic
scans of the network for any existing remote-access software. The Scout even allows the
system administrator to enable and disable the remote-access software that it finds.

© 2006 LogMeIn, Inc. All Rights Reserved.

-5-
LogMeIn vs. IPSec VPNs White Paper

Conclusion
VPNs have long been the standard tool used to provide mobile workers with remote
access to their companies’ network resources. A VPN ensures network security by
encrypting all data transfers between predetermined endpoints, even when such data is
channeled through a public network. While VPNs represent a viable option for remote
access, their inflexible setup requirements, which include the necessity of restricting
encrypted traffic to designated IP addresses, pose great problems. Genuinely secure
VPNs are often only the result of a great amount of work, routine maintenance, and
vigilance on the part of the system administrator.

LogMeIn is the secure and simple way to provide employees with quick remote access to
corporate network resources. Built from the ground up to seamlessly integrate with and
complement existing Windows security structures, it provides fast and easy access to the
corporate LAN without enlarging its security perimeter. Finally, with its easy
maintenance and anytime-anywhere technology, LogMeIn provides a very low total cost
of ownership.

_________________________________________

Product Information: info@logmein.com

Sales Inquiries: sales@logmein.com (800) 993-1790
Press: press@logmein.com
Partner Information: partners@logmein.com

500 Unicorn Park Drive, Woburn, MA01801

_________________________________________

© 2006 LogMeIn, Inc. All Rights Reserved.

-6-