Security

 

Introduction

Security is a crucial part of any remote access product, whether you use it for business or personal purposes. ISL AlwaysOn uses maximum security.

Security Layers

Each ISL AlwaysOn connection from a computer to an ISL Conference Proxy server is encrypted with SSL.

ISL AlwaysOn's activities can be monitored by tracking the history of accesses to a computer. This report shows which ISL Online users accessed the computer and when they accessed it.

A user can always lock access to his/her computer. When access is disabled, that computer becomes inaccessible until further action.

Layer 1 - ISL AlwaysOn computer to ISL Online products user visibility

To access a remote computer, you need to establish a link between your ISL Online account and the computer you want to add access to. Each user has his/her own digitally signed executable identifying his/her ISL Online user account. No other ISL Online user will be able to see the computer or try to start a remote connection if the ISL AlwaysOn computer administrator has not installed a customized ISL AlwaysOn program.

The procedure for adding a new computer is described in the "Add a new computer" chapter.

Layer 2 - ISL AlwaysOn computer access password

Installing ISL AlwaysOn on a computer does not by itself enable access to the computer. To enable access, a strong access password must be set first. This password is stored in the Local Machine registry as an MD5 hash. The plain-text password is no longer available.

After installing ISL AlwaysOn and setting the access password, remote access for the specific ISL Online user is finally enabled. Whenever the ISL Online user wants to connect to the remote computer, he/she needs to enter the ISL AlwaysOn access password for each remote access session he/she starts.

The steps below alternate between the ISL Online products user and the ISL AlwaysOn computer.

1. ISL Online products user:

    send encrypt("connect")

2. ISL AlwaysOn computer:

    <challenge> = generate challenge
    send encrypt("authentication_required({chmd5, <challenge>})")

3. ISL Online products user:

    request input of password
    make chal-pass-md5 = md5(challenge, md5(password))
    send encrypt("authenticate({chmd5, <chal-pass-md5>})")

4. ISL AlwaysOn computer:

    request = decrypt(received_data)
    if request[key] = chmd5 then
      load md5-password from registry into memory
      if request[1] = md5(challenge, md5-password) then
        set authenticated user = true
        send encrypt("get_code")
      else
        send encrypt("error authentication failed")
      end
    else
      send encrypt("error authentication not supported")
    end

5. ISL Online products user:

    if received = get_code then
      start ISL Light Desk, request code
      send encrypt("code <ISL Light session code>")
    else
      go to step 3 again
    end

6. ISL AlwaysOn computer:

    received = decrypt(received_data)
    if received = "code <code>" then
      start ISL Light Client with --connect <code>
      set authenticated user = false
    end

7. ISL Online products user: ISL Light Desk is connected into session
   ISL AlwaysOn computer: ISL Light Client is connected into session
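
The challenge-response check from steps 2 to 4, as an added Python example (not ISL Online's code). How the challenge and the password hash are combined, the 16-byte challenge size, single-use challenges and the dict message layout are assumptions; the SSL transport encryption (encrypt/decrypt) is left out, and the password is a constructed sample.

```python
import hashlib
import hmac
import secrets


def stored_verifier(password: str) -> str:
    # What the page says the registry holds: md5(password).
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def chal_pass_md5(challenge: bytes, password_md5: str) -> str:
    # md5(challenge, md5(password)); plain concatenation is an assumption.
    return hashlib.md5(challenge + password_md5.encode("ascii")).hexdigest()


def user_response(msg: dict, password: str) -> dict:
    return {"chmd5": chal_pass_md5(msg["chmd5"], stored_verifier(password))}


class AlwaysOnComputer:
    # Steps 2 and 4; the stored md5 verifies responses, so guard it like a password.
    def __init__(self, registry_md5: str):
        self.registry_md5 = registry_md5
        self.challenge = None
        self.authenticated = False

    def authentication_required(self) -> dict:
        self.challenge = secrets.token_bytes(16)  # assumed challenge size
        return {"chmd5": self.challenge}

    def authenticate(self, request: dict) -> str:
        if "chmd5" not in request:
            return "error authentication not supported"
        challenge, self.challenge = self.challenge, None  # single use
        if challenge is None:
            return "error authentication failed"
        expected = chal_pass_md5(challenge, self.registry_md5)
        if hmac.compare_digest(expected, request["chmd5"]):  # constant time
            self.authenticated = True
            return "get_code"
        return "error authentication failed"


def demo(password: str = "constructed-Passw0rd") -> tuple:
    pc = AlwaysOnComputer(stored_verifier(password))
    answer = user_response(pc.authentication_required(), password)
    first = pc.authenticate(answer)
    pc.authentication_required()  # next attempt gets a fresh challenge
    return first, pc.authenticate(answer)  # replayed answer is rejected
```

Because each response is bound to a fresh challenge, a captured response is useless for a later attempt, while the registry value itself is enough to compute a valid response and therefore needs the same protection as the password.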

Layer 3 - ISL Light remote desktop session security

The remote desktop control session is provided by ISL Light. ISL Light (version 3.1) creates an instant remote desktop control session, which is secured with SSL (a 1024-bit RSA key for the handshake and a 256-bit AES session key). Once a session is established, no one can see this session's encrypted data. When an ISL Light session has ended, you cannot connect to the same session again. For more information on ISL Light security, please refer to this link.

Layer 4 - MS Windows OS security

Once an ISL Online user is connected to a remote computer, he/she can see the Windows console desktop session running on the computer. It is recommended that the user set passwords for all Windows accounts and disable accounts which are not in use. The user should always log off the computer when not present, so that when accessing the computer he/she needs to type in the Windows account password.

Tags: isl alwayson, security
