I have a question regarding the security of two different options for accessing a computer remotely. I currently have OpenSSH implemented on my Windows Server 2003 using Cygwin which allows me to use a secure tunnel into the network and then run Remote Desktop (RDP) into a remote computer. The traffic should be doubly encrypted and should prevent the "man in the middle" attack which is a known exploit of RDP. However, is this more secure than simply using LogMeIn? LogMeIn appears to be easier for users to access their computers, but is it less secure as a result? Thanks in advance for any help you can offer.

LogMeIn utilizes SSL/TLS certificates to verify server identities and thus protect against MITM attacks. When a connection is made, the server’s certificate is verified. If the certificate was not issued by a certifying authority the user has chosen to trust, a warning will be presented. If the certificate was issued by a trusted certifying authority, but the hostname in the URL does not match the hostname included in the certificate, a different warning will be presented. If the Server passes these verifications, then the User’s browser generates a “Pre-Master Secret” or PMS, encrypts it with the Server’s public key contained within its certificate, and sends it to the Server. As ensured by public key cryptography, only the Server that holds the corresponding private key can decrypt the PMS. The PMS is then used to derive the Master Secret by both the user and the Server, which, in turn, will be used to derive initialization vectors and session keys for the duration of the secure session. In short, the above ensures that the user is establishing the connection with the Server, and not with a third entity. Should a MITM attack be attempted, either one of the security warnings will be triggered or the PMS will be unknown to the MITM, effectively rendering the attack impossible. LogMeIn is a very secure solution. As for being more secure than RDP, I would say so. I have NOT lost my mind — I have it backed up on tape somewhere

Thanks for the reply. Would you say it is still more secure than using RDP over an SSH layer? Do subtle things like packet sniffing count as MITM attacks?

Generally a MITM attack is when the attacker is actually actively manipulating the headers and data of packets on the wire. Sniffing/Eavesdropping are still somewhat MITM attacks, but normally just passively. When someone is sniffing the wire there only intention generally is to collect and analyze packets and collect information for a later attack. There not really trying to manilpulate packets to get through a router or firewall like in a normal MITM attack, although the two are similair. More secure? Probably. I have NOT lost my mind — I have it backed up on tape somewhere

RDP over SSH I would guess would be slightly more secure only because the potential attacker would need to know how to crack both, but both are secure. "Milk was a bad choice!"