Would you think this was a bit sus?
 

This is a bit of a computer question but a bit good old fashioned NSR paranoia.

We had a new photocopier delivered today and the tech lad installed a few progs on the machines They did say if you have any problems with the copier we can log into it and change the settings - fine I said but I did wonder how they would gain access to it.

What I have found is logmein on my computer and its running. Now what exactly can you do with logmein? Can they view our client letters? our spreadsheets? our scanned correspondence?

I just found it a bit of a cheek that this was installed without asking and turned on without asking.

I`m no expert but isn`t that a programme for a user i.e. yourself to remotely access your own pc from wherever you are?

in theory they can do pretty much anything -- it connects to your console session

it can be set up so that you have to acknowledge the connection before they get control of the machine, they may have done this - but if not is is a cheek to set up without asking first

and with the "aknowledge" setting it is a bit cheeky

Yep, logmein basically means once he's logged into your PC (you'll know cause it pops a balloon up) he sees everything on your PC as if he's sitting at your desk using it.

it is remote access s/w. If its "your" tech lad that has installed logmein then I wouldnt worry about client access as its only your company that has access to it and if it is your company that installed the software, then perhaps your internet access and private stuff is being monitored. i.e. SNET, facebook, twitter blahblahblah.

If the tech lad was from the photocopy place, I would definitely query it, how come he has been able to install stuff on your machine? Doesnt your IT set privileges to admin only or can anyone go installing software in your company? (if so, your company is in big trouble lol)

It was the photocopy lad that installed the software.

We don't have any restrictions on who does what on the machines. What is the problem there - other than whats happened today.

Weak.

As above. LogMeIn is a great piece of software as it means you can log in from where-ever you are to that machine.

An outside company should not install that without asking you though as once they have logged in they are effectively sitting at the computer so can open files, access other network resources etc...

OK, so if logmein is turned on - do they still need permission to access the machine or can they just access whenever they choose?

Is your machine password protected?

The photocopier man would or should only install what you or your company has asked for.

You're gonna get raped....

Would the companies firewall not stop anyone outside the server accessing it?

:nono:

So anyone can install whatever they like, as everyone has admin privileges? I guess its a small company as nowhere with a (half decent) internal IT Dept would allow that.

No control over what is installed where = no licencing control. Users will install active content from web = virus/adware nightmares, support overheads cleaning up problems. Just two examples of where it will go wrong.

In the IT world, thats a recipe for disaster :freak3:

No, works on outbound port 443 - no firewall blocks that

That useful. thanks :rolleyes:



We are a small company and nobody uses the machines for anything other than work related stuff - except me who uses the odd forum. Its been like this since 1995 and we've never had a problem. There are restrictions as to what websites can be accessed but there is no restrictions on installing software.

All machines have a log in password if that helps.

Where I used to work the machine used to keep copies of everything that had been copied in its memory.... could make for quite an amusing hour if you knew how to access the memory... :lol1:

I'd make sure it's got permissions turned on. Otherwise, uninstall it.

There's your problem.
Things have moved on so much since then. Even the forums you go could have a virus, you just don't know. I seriously recommend you sort something out regarding IT security.
Just because you haven't been 'raped' before, doesn't mean it won't happen in the future. :thumb:

Is that the term then "raped" ?

Not very nice.

Will look into IT security.

I don't know but it will involve your trousers being pulled down, so I suppose the term is justified! :thumb:

I think the answer is to delete it anyway.

Les

I'm an IT system admin as well and basically its like you're driving a car flat out on a motorway, with no brakes, seatbelt, doors, windows, suspension or steering wheel.

You're probably already infected and don't even realise it. There's just so many threats out there you have to try hard not to be infected. Your firm hasn't even tried at all by the sound of it. Try shopping around for some cloud security services, because its just a matter of time before you lose some important data or your bank accounts get hacked

This has been a bit of a wake up call for us so thanks for the replies.

Being small we don't have an IT department and the machines have just been bolted on the network at will.

I'll recommend on Monday we get some external support in to help with the IT security. :thumb:

Just turn it off and make sure it doesn't start at boot up. That way, if you have a problem and they NEED to log in, you can simply run it.

I'd still have words about why they installed remote software without permission. Especially if it's running 24/7 as it doesn't need to.

Thats a very good point.

Les

Has your company even got a firewall in place (not that it would stop logmein by default)? There are so many questions screaming out to those of us who work as admins that yes getting in someone external is a very good call.

Above anything your company owner should be concerned his company data is safe from being stolen and safe from being tampered with/lost.

Some logmein application related info from our Palo Alto appliances... I'd get the application off there asap personally, then give the photocopy boy a smack.
Palo Alto rate it as level 5 - the highest risk they assign to an application.


Name: logmein
Description: LogMeIn is a suite of software services that provides remote access to computers over the Internet. The various product versions are designed for both end users and professional help desk personnel. LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL. An SSL certificate is created for each remote desktop and is used for cryptographically secure communications between the remote desktop and the accessing computer. Users access remote desktops using an Internet-based web portal and, optionally, the LogMeIn Ignition stand-alone application. The portal also provides status information for the remote computers and, optionally, remote computer management functions. The service connects the remote desktop and the local computer using SSL over TCP or UDP and utilizing NAT Traversal techniques to achieve peer-to-peer connectivity when available.
Standard Ports: tcp/80,443
Capable of File Transfer: yes
Used by Malware: no
Excessive Bandwidth Use: yes
Evasive: yes
Tunnels Other Applications: yes
Depends on Applications: adobe-flash-socketpolicy-server, ssl, web-browsing

Category: networking
Subcategory: remote-access
Technology: client-server
Risk:
Widely Used: yes
Has Known Vulnerabilities: yes
Prone to Misuse: yes
Session Timeout (seconds):
36000
TCP Timeout (seconds):
UDP Timeout (seconds):

New phrases that will be in the dictionary soon;

Frape - having your Facebook account hijacked

Phrape - having your mobile phone hijacked


No doubt there are others out there too. Does Trape exist? Probably.

Not knowing what your company does, this is something to consider.

Storing any sort of customer details on your system means that you have to comply to a lot of data protection laws - having your system unprotected could mean you are breaking some/many of them.


Scenario: systems gets hacked (very simple if it's just a load of machines plugged into various hubs/home routers), customer details stolen, intrusion traced back to your machines, find out what data was stored and how, now you're to blame for what could be anything from ID fraud, to £££££££'s being stolen.

Sounds extreme, but it happens! Get your security sorted!


Scott. :thumb:

(Studying computer networks & security degree, and also Certified Ethical Hacker)