Teamviewer or Logmein?

[DMGrier]

So at our work I am wanting to implement a new remote desktop client, I have received the approval to purchase a corporate license of Teamviewer but a new guy we hired says he has always been told it was unsecure and we should use Logmein as it "guarantee's" HIPAA compliance. I have been reading on both and to me they sound like they offer the same security. The only downside I see to Logmein is that the application is a browser client which I would think it is only as secure as the browser it is running on and Teamviewer has actually been audited by numerous places. Here is what I am looking at and I was wondering for your guys opinion.

Teamviewer
http://www.teamviewer.com/en/products/security.aspx

Logmein
https://secure.logmein.com/welcome/documentation/EN/pdf/common/LogMeIn_HIPAA.pdf

 

[Agent Smith]

I have used and like Teamviewer.

From the security statement:

Two Factor Authentication
TeamViewer assists companies with their HIPAA and PCI compliance requirements. Two-factor authentication
adds an additional security layer to protect TeamViewer accounts from unauthorized access. In addition to both
username and password, the user must enter a code in order to authenticate. This code is generated via the
time-based one-time password (TOTP) algorithm. Therefore the code is only valid for a short period of time.
Through two-factor authentication and limiting access by means of whitelisting, TeamViewer assists in meeting
all necessary criteria for HIPAA and PCI certification.
Further Questions?
For further questions or information, feel free to contact us at (US) +1 (800) 951 4573 and
(UK) +44 (0) 2080 997 265 or send an email to [email protected].

http://www.teamviewer.com/en/res/pdf/TeamViewer-Security-Statement-en.pdf

Encryption and Authentication
TeamViewer works with a complete encryption based on RSA public/private key exchange and AES (256 Bit)
session encoding. This technology is used in a comparable form for https/SSL and is considered completely safe
by today's standards. As the private key never leaves the client computer, this procedure ensures that
interconnected computers - including the TeamViewer routing servers - cannot decipher the data stream.
Each TeamViewer client has already implemented the public key of the master cluster and can thus encrypt
messages from the master cluster and check its signature accordingly. The PKI (Public Key Infrastructure)
effectively prevents "man-in-the-middle-attacks." Despite the encryption, the password is never sent directly, but
only through a challenge-response procedure, and is only saved on the local computer.
During authentication, the password is never transferred directly because the Secure Remote Password (SRP)
protocol is used. Only a password verifier is stored on the local computer.

 

[DMGrier]

Thanks for the response, yeah I was looking at the encryption difference as I noticed with Logmein that depending on the browser you are connecting to the encryption can drop to as low as 128 Bit.

I am definitely going to push this, I think this new guy is just trying to make some changes that he can say "See I made a difference here by choosing a better solution.".