Detailed instructions for use are in the User's Guide.
[. . . ]
LogMeIn Rescue Architecture: An Overview
Table of Contents
Introduction 3
Data Confidentiality 3
Authentication 4
Key Agreement 4
Message Exchange 5
Authentication and Authorization 5
Auditing and Logging 7
Data Center Architecture 8
Conclusion 8
LogMeIn Rescue HIPAA Considerations 9
An overview of the LogMeIn Rescue Gateway Hand-off process 10
Author
Márton Anka, CTO of LogMeIn, Inc., is the primary author of this paper.
Abstract
This paper provides an overview of the architecture behind LogMeIn Rescue. Topics discussed include data confidentiality, authentication and authorization, auditing and logging, and hosting highlights.
Product Information: info@LogMeIn.com
Sales Inquiries: sales@LogMeIn.com, (800) 993-1790
Press: press@LogMeIn.com
Address: 500 Unicorn Park Drive, Woburn, MA 01801
www.LogMeIn.com
©2009 LogMeIn Inc.
Introduction
Scalability, security, reliability and ease of use. These four characteristics, in no particular order, are what describe a great remote support solution. They, however, do not always go hand-in-hand. It's easy to find a remote support solution that provides two or maybe three of the above criteria, but a solution that delivers on all four fronts is rare. LogMeIn, Inc. provides just such a solution with LogMeIn Rescue.
Scalability. [. . . ] Administrators can also specify to allow technicians to run an ActiveX applet. This is particularly beneficial in locked-down environments, where unapproved .exe files are not permitted to be run.

The supported user is not authenticated. It is up to the technician to determine who the user is, either via chat or a telephone conversation. The Rescue system does provide authentication-like mechanisms such as unique PIN codes, but these are used for routing the support session to the correct private or shared queue, and should not be construed as an authentication system.
Key Agreement
When a support session starts and a connection is established between the supported user and the technician, their computers must agree on an encryption algorithm and a corresponding key to be used for the duration of the session. The importance of this step is often overlooked, and this is somewhat understandable: it seems like a mundane task that should be simple and straightforward. It is, however, anything but simple: to counter so-called man-in-the-middle attacks (where computer C would position itself between computers A and B and impersonate the other party to both A and B), certificates must again be employed. Since neither the technician nor the end user has server software and an SSL certificate installed on their computers, they both turn to one of the LogMeIn Rescue servers and perform the initial phase of the key agreement with this computer. Verification of the certificate by both the Technician Console and the end user applet ensures that only a Rescue server can mediate the process.
Message Exchange
SSL allows for a wide range of cipher suites to be used and the communicating parties can agree on an encryption scheme they both support. This has two primary purposes: first, the protocol can be extended with new cipher suites without breaking backwards compatibility, and second, newer implementations can drop support for suites that are known to contain cryptographic weaknesses.

Since all three components of the LogMeIn Rescue communications system are under LogMeIn's control, the cipher suite used by these components is always the same: AES256-SHA in cipher-block chaining mode with RSA key agreement. This means the following:

· The encryption keys are exchanged using RSA private/public key pairs, as described in the previous section
· AES, short for Advanced Encryption Standard, is used as the encryption/decryption algorithm
· The encryption key is 256 bits long
· SHA-1 is used as the basis of message authentication codes (MACs). A MAC is a short piece of information used to authenticate a message. The MAC value protects both a message's integrity as well as its authenticity, by allowing the communicating parties to detect any changes to the message.
· Cipher-block chaining (CBC) mode ensures that each ciphertext block is dependent on the plaintext blocks up to that point.
The above ensures that data traveling between the supported end user and the technician are encrypted end-to-end, and only the respective parties have access to the information contained within the message stream.
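The two properties the bullet list above relies on, CBC chaining and a SHA-1 based MAC that exposes any change to the message, can be seen in a few dozen lines. The following is an added example and not LogMeIn code: the block cipher is a four-round Feistel network with HMAC-SHA1 as its round function, used only as an invertible stand-in for AES (the Python standard library has no AES), and the record layout (IV, ciphertext, tag) and the encrypt-then-MAC ordering are this example's own choices; the TLS record layer of the AES256-SHA era applied the MAC before encrypting.

```python
"""Added example (not LogMeIn code): CBC chaining plus an HMAC-SHA1 message
authentication code, illustrating the AES256-SHA bullet list above.

The block cipher is a 4-round Feistel network whose round function is
HMAC-SHA1.  It is a teaching stand-in for AES, chosen because it is keyed
and invertible; it is not a secure cipher and must not protect real data.
"""
import hashlib
import hmac
import os

BLOCK = 16    # bytes; same block size as AES
TAG_LEN = 20  # SHA-1 digest length


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function: first 8 bytes of HMAC-SHA1(key, round_index || half)
    return hmac.new(key, bytes([i]) + half, hashlib.sha1).digest()[:8]


def block_encrypt(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def block_decrypt(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def _pad(data: bytes) -> bytes:          # PKCS#7 padding to a whole block
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    prev, out = iv, []
    data = _pad(plaintext)
    for i in range(0, len(data), BLOCK):
        # Each block is XORed with the previous ciphertext block before
        # encryption, so ciphertext block i depends on plaintext blocks 0..i.
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return _unpad(b"".join(out))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append a SHA-1 HMAC over IV and ciphertext (encrypt-then-MAC)."""
    iv = os.urandom(BLOCK)
    ct = cbc_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha1).digest()
    return iv + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, record: bytes) -> bytes:
    """Verify the MAC in constant time before touching the ciphertext."""
    iv, ct, tag = record[:BLOCK], record[BLOCK:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC mismatch: record was modified in transit")
    return cbc_decrypt(enc_key, iv, ct)


def chaining_demo() -> int:
    """How many ciphertext blocks change when only the first plaintext byte changes.

    A fixed IV is used here purely so the two encryptions are comparable."""
    key, iv = b"k" * 16, b"\0" * BLOCK
    a = cbc_encrypt(key, iv, b"A" * 64)            # 64 bytes -> 5 padded blocks
    b = cbc_encrypt(key, iv, b"B" + b"A" * 63)
    return sum(a[i:i + BLOCK] != b[i:i + BLOCK] for i in range(0, len(a), BLOCK))


def tamper_demo() -> bool:
    """True if flipping one bit of the ciphertext is rejected by the MAC check."""
    ek, mk = os.urandom(32), os.urandom(20)
    rec = bytearray(seal(ek, mk, b"hello technician"))
    rec[BLOCK + 3] ^= 0x01                          # corrupt the first ciphertext block
    try:
        unseal(ek, mk, bytes(rec))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("ciphertext blocks changed by a 1-byte plaintext change:", chaining_demo())
    print("tampered record rejected:", tamper_demo())
```

`chaining_demo()` returns 5 because, as the CBC bullet states, every block after the changed one inherits the change through the chain; `tamper_demo()` returns True because the HMAC over the ciphertext no longer matches. The `hmac.compare_digest` call matters: a plain `==` on the tag leaks timing information about how many leading bytes matched.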
Authentication and Authorization
Authentication and authorization in LogMeIn Rescue serve two distinct purposes. The first one, authentication, ensures that the technician or administrator logging into the Rescue system is in fact who he claims to be.

Authentication is handled in a very straightforward manner: technicians are assigned login IDs (usually matching their email addresses) and corresponding passwords by their administrators. These credentials are entered into the Login form on the LogMeIn Rescue website at the start of a technician workday.
LogMeIn Rescue also offers significant security benefits, with Administrators having a number of options for password policy. These include:

· Requiring a minimum password strength to be implemented. A built-in meter shows Administrators and technicians the strength of the chosen password and helps them to choose a password of the required strength.
· Administrators can enforce a minimum required password strength.
· Forcing technicians to change their Rescue password on the next occasion they log in.
· Specifying a maximum password age
LogMeIn Rescue also allows Administrators to implement a Single Sign-On (SSO) policy. The Security Assertion Markup Language (SAML) is employed and is an XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider. Technicians then have access only to predefined applications and a single SSO ID to log in to those applications. At the flick of a switch, a technician's SSO ID can be disabled.

Authorization, on the other hand, happens very frequently, at least once during every remote support session. The supported end user, after downloading and running the support applet, will be contacted by a technician. The technician can chat with the end user via the applet, but any further action, such as sending a file or viewing the end user's desktop, requires express permission from the user.

Administrators can also impose IP address restrictions on their technicians. When selected, the IP addresses available can be restricted to a very narrow list. Technicians assigned to a particular task can then only access Rescue from pre-approved IP addresses for that task.

[. . . ]

The disk space taken up by these recordings varies widely, and depends entirely on the contents (and compressibility) of the supported end user's desktop, but based on an analysis of millions of remote control sessions utilizing LogMeIn's technology, the average disk space requirement for one minute of remote control data is between 372 and 1024 Kbytes.

The recordings are stored direct to AVI or in an intermediate LogMeIn proprietary format that can be converted to standard AVI files by the "Rescue AVI Converter" application downloadable from the Support section of the LogMeIn Rescue website. The LogMeIn proprietary format, called RCREC, can cut recording size by about 10%.
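The password policy options (minimum strength, forced change on next login, maximum age) and the per-task IP address restriction described above combine into a single decision at technician login time. The following is an added example, not LogMeIn's implementation: the strength meter, the `Policy` and `Technician` fields, the 90-day default and the sample addresses (documentation ranges) are all assumptions made for the illustration.

```python
"""Added example (not LogMeIn code): a technician login policy check modelled
on the password policy and IP address restriction options described above.
The strength scoring, field names, thresholds and sample data are assumed.
"""
import ipaddress
from dataclasses import dataclass, field
from datetime import date, timedelta


def password_strength(pw: str) -> int:
    """Assumed strength meter, 0-4: character classes plus a length bonus.
    Anything under 8 characters scores 0 regardless of composition."""
    if len(pw) < 8:
        return 0
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    score = classes + (1 if len(pw) >= 12 else 0)
    return min(score, 4)


@dataclass
class Policy:
    min_strength: int = 3                                   # "minimum required password strength"
    max_password_age: timedelta = timedelta(days=90)        # "maximum password age" (assumed value)
    # Per-task allow-lists in CIDR form, e.g. {"billing-support": ["203.0.113.0/24"]}
    task_allowed_ips: dict = field(default_factory=dict)


@dataclass
class Technician:
    login_id: str                      # usually the technician's email address
    password_set_on: date
    must_change_password: bool = False  # "change password on the next occasion they log in"


def evaluate_login(policy: Policy, tech: Technician, password: str,
                   source_ip: str, task: str, today: date) -> list[str]:
    """Return every policy violation found; an empty list means the login may proceed."""
    problems = []
    if password_strength(password) < policy.min_strength:
        problems.append("password below required strength")
    if today - tech.password_set_on > policy.max_password_age:
        problems.append("password older than maximum age")
    if tech.must_change_password:
        problems.append("password change required before next login")
    allowed = policy.task_allowed_ips.get(task)
    if allowed is not None:   # task has a pre-approved address list
        ip = ipaddress.ip_address(source_ip)
        if not any(ip in ipaddress.ip_network(net) for net in allowed):
            problems.append(f"source address {source_ip} not pre-approved for task {task}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample data: one compliant login and one that fails every check."""
    policy = Policy(task_allowed_ips={"billing-support": ["203.0.113.0/24"]})
    today = date(2009, 6, 1)
    fresh = Technician("alice@example.com", password_set_on=date(2009, 5, 1))
    stale = Technician("bob@example.com", password_set_on=date(2009, 1, 1),
                       must_change_password=True)
    good = evaluate_login(policy, fresh, "Correct-Horse-42", "203.0.113.7", "billing-support", today)
    bad = evaluate_login(policy, stale, "password", "198.51.100.9", "billing-support", today)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("compliant login problems:", good)
    print("non-compliant login problems:", bad)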
Data Center Architecture
LogMeIn Rescue is hosted in state-of-the-art, secure data centers that feature:

· Multi-layer security control procedures, biometric entry systems, and 24/7 closed-circuit video and alarm monitoring
· Uninterruptible redundant AC and DC power, onsite backup power generators
· HVAC redundant design with air distribution under raised flooring for maximum temperature control
· Smoke detection system above and below raised floor; double-interlock, pre-action, dry-pipe fire suppression
The LogMeIn Rescue infrastructure itself is highly secure and reliable:

· Redundancy on the server component level: redundant power supplies and fans, RAID-1 mirrored hard disks
· Redundancy on the server level: depending on role, active/passive or active/active clusters
· Redundancy on the data center level: three data centers (US West Coast, US East Coast and London, UK) with near instant failover capabilities
· Dual redundant firewalls with only ports 80 and 443 open
· Active/passive database clusters
· Redundant load balancers including SSL
· Load-balanced and redundant web and application server clusters
· Load-balanced and redundant gateway server clusters
Conclusion
Choosing a remote support solution is often a decision based on features and pricing. If you are reading this document, then it is likely that LogMeIn Rescue has met your needs in these categories.

The Session Authentication GUID is a 128-bit, cryptographically-random integer value.
[. . . ]