Security UPDATE--Hamachi Cross-Platform VPN--January 31, 2007

LogMeIn Hamachi lets you connect systems together to build a VPN where such connectivity might not otherwise be possible. Learn more about it and get links to other security resources.

ITPro Today

January 30, 2007

8 Min Read
ITPro Today logo in a gray background | ITPro Today

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Why Juggle Multiple Systems? Combine & Save

http://findtechinfo.com/penton/nl/117

Email Discovery and Compliance

http://www.windowsitpro.com/go/ebooks/ilumin/discovery/?code=SECMid0131

The Essential Guide to Infrastructure Consolidation

http://www.windowsitpro.com/go/essential/hp/infrastructure/?code=SECHot0131

CONTENTS

===========================================

================================

Why Juggle Multiple Systems? Combine & Save Free trial. NetSuite's one system solution combines accounting, CRM & ecommerce in a single, powerful application. Learn more during a trial run. http://findtechinfo.com/penton/nl/117 === IN FOCUS: Hamachi Cross-Platform VPN

=============

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net Last week, I discussed Microsoft's Secure Socket Tunneling Protocol (SSTP) VPN technology, which will debut as part of Windows Vista Service Pack 1 (SP1) and Longhorn Server Beta 3. The VPN will work over standard Web ports and ease client-to-server connectivity. If you missed that editorial, you can read it at http://www.windowsitpro.com/Article/ArticleID/94977 This week, I learned about another VPN technology that I hadn't heard of before. LogMeIn Hamachi is a relatively simple tool that lets you connect systems together to build a VPN where such connectivity might not otherwise be possible. A couple really great features of Hamachi make it a very useful tool. The first is that it runs on Windows 2000, Windows XP, Windows Server 2003, Linux, and Mac OS X. The second interesting feature is that it's a UDP-based VPN technology, where most other VPNs are TCP-based. Because it's UDP-based, it can work in networks where other VPNs might not because it can traverse some overly restrictive policies and can operate behind networks that use Network Address Translation (NAT). The real "magic" of Hamachi is that it takes advantage of UDP operational characteristics. As you know, in order for TCP connections to take place, ports need to be open on firewalls, and when NAT is in use (with or without a firewall), the NAT router needs to forward traffic to the proper endpoint. In contrast, a NAT device (and sometimes a firewall) can be coaxed into accepting UDP traffic even when specific rules don't exist to allow that traffic. To get an idea of how Hamachi works under the hood, we can take a look at the Skype VoIP technology because Skype also uses UDP to traverse NAT networks and firewalls. If you head over to the heise Security Web site, you'll find a very interesting article, "The hole trick," (at the URL below) that explains what's happening under the hood of a Skype client. If you read the article, you'll come away with an understanding that applies to Hamachi. http://www.heise-security.co.uk/articles/82481 I've heard that Hamachi is especially useful for Windows administrators who need to use Microsoft Remote Desktop connectivity but can't due to restrictions on the network on which they happen to be at the moment, whether that network is at a hotel, conference center, library, coffee shop, or elsewhere. Hamachi can establish a VPN between two endpoints, and then Remote Desktop can be used over the Hamachi VPN. The same principle undoubtedly applies to many other tools that are useless without a VPN. There is at least one downside to Hamachi, though: It doesn't work when a system is behind a proxy server. Nevertheless, it looks like an incredibly useful tool and I intend to give it a try soon. You can learn more about it and download a copy at the URL below. http://hamachi.cc If you're interested in more technical, nitty-gritty details about how tools like Hamachi and Skype work, then take a look at RFC3489, "Simple Traversal of User Datagram Protocol Through Network Address Translators" at the URL below. The document explains the technique in considerable detail. http://tools.ietf.org/html/rfc3489 === SPONSOR: CA

======================================

Email Discovery and Compliance You know you need to manage your email data; how do you do it? What steps are you taking? What additional measures should you enact? What shouldn't you do? Get answers to these questions and get control of your vital messaging data. Download the free eBook today! http://www.windowsitpro.com/go/ebooks/ilumin/discovery/?code=SECMid0131 === SECURITY NEWS AND FEATURES

=======================

=========================

The Essential Guide to Infrastructure Consolidation Learn the essentials about how consolidation and selected technology updates build an infrastructure that can handle change effectively. http://www.windowsitpro.com/go/essential/hp/infrastructure/?code=SECHot0131 === GIVE AND TAKE

====================================

SECURITY MATTERS BLOG: Want to Test-Drive Vista? by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters Want to test Windows Vista without having to install it? Now you can, to some extent anyway. Read this blog article to learn how. http://www.windowsitpro.com/Article/ArticleID/94923 FAQ: Get a Command Prompt During a Vista or Longhorn Install by John Savill, http://www.windowsitpro.com/windowsnt20002003faq Q: How can I open a command prompt during Windows Vista or Longhorn Server installation? Find the answer at http://www.windowsitpro.com/Article/ArticleID/94962 SHARE YOUR SECURITY TIPS AND GET $100 Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length. === PRODUCTS

=========================================

by Renee Munshi, [email protected] Extend Group Policy Control over Passwords Special Operations Software announced the release of Specops Password Policy 2.0, which works with Group Policy in Active Directory (AD). Specops Password Policy lets you configure password policies in any number of group policies and not just at the domain level of Group Policy. Some of the new features in version 2.0 are the ability to disallow words from specified dictionaries in passwords, to disallow incremental passwords (e.g., changing from password1 to password2), and to send an email notification when a password is about to expire. For more information, go to http://www.specopssoft.com WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate. === RESOURCES AND EVENTS

=============================

=============================

Learn to differentiate between computer records and business records. Learn the subjective meaning of business records and how to best manage regulatory requirements for email backup and retention. Download this special eGuide today! http://www.windowsitpro.com/go/guide/messageone/regrequirements/?code=0130secfeatwp === ANNOUNCEMENTS

====================================

===========================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).

http://www.windowsitpro.com/windowssecurity

http://www.securityprovip.com

Subscribe to Security UPDATE at

http://www.windowsitpro.com/Email/Index.cfm?action=archive

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=%%SUBSCRIBER_ID_TAG%%

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like