[ISN] Hamachi Cross-Platform VPN

From: InfoSec News (alerts@private)
Date: Thu Feb 01 2007 - 03:35:47 PST

Forwarded from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>


Why Juggle Multiple Systems? Combine & Save

Email Discovery and Compliance

The Essential Guide to Infrastructure Consolidation

=== CONTENTS ===================================================

IN FOCUS: Hamachi Cross-Platform VPN

   - GoDaddy.com Abuse Policy Takes SecLists.Org Offline
   - Researchers Find Fault with Extended Validation Certificates
   - Recent Security Vulnerabilities

   - Security Matters Blog: Want to Test-Drive Vista?
   - FAQ: Get a Command Prompt During a Vista or Longhorn Install
   - Share Your Security Tips

   - Extend Group Policy Control over Passwords
   - Wanted: Your Reviews of Products 




=== SPONSOR: NetSuite ==========================================

Why Juggle Multiple Systems? Combine & Save
   Free trial. NetSuite's one system solution combines accounting, CRM 
& ecommerce in a single, powerful application. Learn more during a 
trial run.

=== IN FOCUS: Hamachi Cross-Platform VPN =======================
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I discussed Microsoft's Secure Socket Tunneling Protocol 
(SSTP) VPN technology, which will debut as part of Windows Vista 
Service Pack 1 (SP1) and Longhorn Server Beta 3. The VPN will work over 
standard Web ports and ease client-to-server connectivity. If you 
missed that editorial, you can read it at

This week, I learned about another VPN technology that I hadn't heard 
of before. LogMeIn Hamachi is a relatively simple tool that lets you 
connect systems together to build a VPN where such connectivity might 
not otherwise be possible. 

A couple really great features of Hamachi make it a very useful tool. 
The first is that it runs on Windows 2000, Windows XP, Windows Server 
2003, Linux, and Mac OS X. The second interesting feature is that it's 
a UDP-based VPN technology, where most other VPNs are TCP-based. 
Because it's UDP-based, it can work in networks where other VPNs might 
not because it can traverse some overly restrictive policies and can 
operate behind networks that use Network Address Translation (NAT). 

The real "magic" of Hamachi is that it takes advantage of UDP 
operational characteristics. As you know, in order for TCP connections 
to take place, ports need to be open on firewalls, and when NAT is in 
use (with or without a firewall), the NAT router needs to forward 
traffic to the proper endpoint. In contrast, a NAT device (and 
sometimes a firewall) can be coaxed into accepting UDP traffic even 
when specific rules don't exist to allow that traffic. 

To get an idea of how Hamachi works under the hood, we can take a look 
at the Skype VoIP technology because Skype also uses UDP to traverse 
NAT networks and firewalls. If you head over to the heise Security Web 
site, you'll find a very interesting article, "The hole trick," (at the 
URL below) that explains what's happening under the hood of a Skype 
client. If you read the article, you'll come away with an understanding 
that applies to Hamachi. 

I've heard that Hamachi is especially useful for Windows administrators 
who need to use Microsoft Remote Desktop connectivity but can't due to 
restrictions on the network on which they happen to be at the moment, 
whether that network is at a hotel, conference center, library, coffee 
shop, or elsewhere. Hamachi can establish a VPN between two endpoints, 
and then Remote Desktop can be used over the Hamachi VPN. The same 
principle undoubtedly applies to many other tools that are useless 
without a VPN. 

There is at least one downside to Hamachi, though: It doesn't work when 
a system is behind a proxy server. Nevertheless, it looks like an 
incredibly useful tool and I intend to give it a try soon. You can 
learn more about it and download a copy at the URL below. 

If you're interested in more technical, nitty-gritty details about how 
tools like Hamachi and Skype work, then take a look at RFC3489, "Simple 
Traversal of User Datagram Protocol Through Network Address 
Translators" at the URL below. The document explains the technique in 
considerable detail. 

=== SPONSOR: CA ================================================

Email Discovery and Compliance
   You know you need to manage your email data; how do you do it? What 
steps are you taking? What additional measures should you enact? What 
shouldn't you do? Get answers to these questions and get control of 
your vital messaging data. Download the free eBook today!

=== SECURITY NEWS AND FEATURES =================================

GoDaddy.com Abuse Policy Takes SecLists.Org Offline
   SecLists.Org, a popular site that archives the messages from 
numerous popular security mailing lists, was temporarily shut down by 
GoDaddy.com after complaints by MySpace.

Researchers Find Fault with Extended Validation Certificates
   Researchers from Stanford University and Microsoft Research have 
concluded that extended validation (high assurance) certificates used 
in conjunction with Microsoft Internet Explorer (IE) 7.0 don't 
necessarily improve a user's ability to detect phishing attacks. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

=== SPONSOR: Hewlett-Packard ===================================

The Essential Guide to Infrastructure Consolidation
   Learn the essentials about how consolidation and selected technology 
updates build an infrastructure that can handle change effectively.

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Want to Test-Drive Vista?
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=488D2:57B62BBB09A6927982FBAF992E8490C7

Want to test Windows Vista without having to install it? Now you can, 
to some extent anyway. Read this blog article to learn how.  

FAQ: Get a Command Prompt During a Vista or Longhorn Install
   by John Savill, http://list.windowsitpro.com/t?ctl=488CF:57B62BBB09A6927982FBAF992E8490C7 

Q: How can I open a command prompt during Windows Vista or Longhorn 
Server installation?

Find the answer at

   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to r2r@private If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
   by Renee Munshi, products@private

Extend Group Policy Control over Passwords
   Special Operations Software announced the release of Specops 
Password Policy 2.0, which works with Group Policy in Active Directory 
(AD). Specops Password Policy lets you configure password policies in 
any number of group policies and not just at the domain level of Group 
Policy. Some of the new features in version 2.0 are the ability to 
disallow words from specified dictionaries in passwords, to disallow 
incremental passwords (e.g., changing from password1 to password2), and 
to send an email notification when a password is about to expire. For 
more information, go to

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to 
whatshot@private and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS =======================================
   For more security-related resources, visit

How at risk is your business? Attend this free Web seminar and learn 
how to 
- differentiate alternative high-availability and disaster-recovery 
- ensure seamless recovery of your key systems and data  
- keep your users continuously connected  
- benefit from real-time high availability and disaster recovery 
Live Event February 22, 2007, at 12:00 pm EST 

Did you know that 75% of corporate intellectual property resides in 
email? The challenges facing this vital business application range from 
spam to the costly impact of downtime and the need for effective, 
centralized email storage systems. Join us for a free Web seminar and 
learn the key features of a holistic approach to email security, 
availability, and control. Download this on-demand seminar now!

Microsoft System Center Data Protection Manager (DPM) is now shipping! 
Get a solid introduction to DPM: Download this eBook today to learn how 
to use DPM to augment your tape-based backups. 

=== FEATURED WHITE PAPER =======================================

Learn to differentiate between computer records and business records. 
Learn the subjective meaning of business records and how to best manage 
regulatory requirements for email backup and retention. Download this 
special eGuide today! 

=== ANNOUNCEMENTS ==============================================

Make Your Mark on the IT Community!  
   Nominate yourself or a peer to become "IT Pro of the Month." This is 
your chance to get the recognition you deserve! Winners will receive 
over $600 in IT resources and be featured in Windows IT Pro. It's easy 
to enter--we're accepting February nominations now, but only for a 
limited time! Submit your nomination today: 

Ring in the New Year with Windows IT Pro 
   Don't miss Windows IT Pro in 2007! As a subscriber, you'll get full 
access to must-have coverage relating to Windows Vista deployment, 
virtualization, disaster recovery, Active Directory, the Office 2007 
launch, SharePoint fundamentals, and much more. Order now and save 58% 
off the cover price.  


Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 

Subscribe to Security UPDATE at

Be sure to add Security_UPDATE@private 
to your antispam software's list of allowed senders.

To contact us: 
   About Security UPDATE content -- letters@private
   About technical questions -- http://list.windowsitpro.com/t?ctl=488D5:57B62BBB09A6927982FBAF992E8490C7
   About your product news -- products@private
   About your subscription -- windowsitproupdate@private
   About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Thu Feb 01 2007 - 03:44:12 PST