Security Statement Revision Date: 23 April 2009

Similar documents
Security Statement. Revision Date: 4 January page 1/12

TeamViewer Security Statement

(2½ hours) Total Marks: 75

Overview. SSL Cryptography Overview CHAPTER 1

The SafeNet Security System Version 3 Overview

Overview Brosix stringent corporate security requirements.

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

ISL Groop 1.1 Manual Xlab d.o.o., Ljubljana

Awareness Technologies Systems Security. PHONE: (888)

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Getting Started with Soonr

Unleash the Power of Secure, Real-Time Collaboration

Security Specification

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

Configuring SSL. SSL Overview CHAPTER

VNC Connect security whitepaper. VNC Connect. Instant support FAQs

Getting to Grips with Public Key Infrastructure (PKI)

Configuring L2TP over IPsec

Configuring SSL. SSL Overview CHAPTER

The StrideLinx Remote Access Solution comprises the StrideLinx router, web-based platform, and VPN client.

PCI DSS Compliance. White Paper Parallels Remote Application Server

HP Instant Support Enterprise Edition (ISEE) Security overview

CompTIA E2C Security+ (2008 Edition) Exam Exam.

Configuring SSL CHAPTER

Accessing CharityMaster data from another location

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Security Guide Zoom Video Communications Inc.

Security Policy (EN) v1.3

SSL/TLS. How to send your credit card number securely over the internet

Security in Bomgar Remote Support

OmniJoin.com. Secure web conferencing from Brother

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

System Requirements. Network Administrator Guide

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

The Most Important Facts in a Nutshell Content Security User Interface Security Infrastructure Security In Detail...

OpenScape Web Collaboration

Cloud versus direct with VNC Connect

Security context. Technology. Solution highlights

Security and Compliance at Mavenlink

CS155b: E-Commerce. Lecture 6: Jan. 25, Security and Privacy, Continued

Technician s guide to instant support

Integrated Cloud Environment Security White Paper

Transport Level Security

KantanMT.com. Security & Infra-Structure Overview

A Technical Overview of the Lucent Managed Firewall

CSCE 715: Network Systems Security

PCI DSS and VNC Connect

Pulseway Security White Paper

VPN Overview. VPN Types

RICOH Unified Communication System. Security White Paper (Ver. 3.5) RICOH Co., Ltd.

Never Drop a Call With TecInfo SIP Proxy White Paper

Information. OpenScape Web Collaboration V7

L2TP over IPsec. About L2TP over IPsec/IKEv1 VPN

WHITE PAPER. VeriSign Architecture for Securing Your VPN Go Secure! For Check Point Overview

VNC Connect security whitepaper. Cloud versus direct with VNC Connect

TECHNOLOGY Introduction The Difference Protection at the End Points Security made Simple

Q&As Check Point Certified Security Administrator

InterCall Virtual Environments and Webcasting

Projectplace: A Secure Project Collaboration Solution

WHITEPAPER. Security overview. podio.com

OpenScape Web Collaboration

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Network Administrator s Guide

Networking interview questions

Security Policy Document Version 3.3. Tropos Networks

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Inventory and Reporting Security Q&A

Authenticating on a Ham Internet

Empower your teams with more video meeting options.

Solving issues right from the comfort of your office has never been easier or more secure!

System Overview. Security

Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise

Deployment of Cisco IP Mobility Solution on Enterprise Class Teleworker Network

Alcatel OmniAccess 200 Series

CS 356 Internet Security Protocols. Fall 2013

Designing Workspace of the Future for the Mobile Worker

XenApp 5 Security Standards and Deployment Scenarios

Cryptography (Overview)

What can the OnBase Cloud do for you? lbmctech.com

Transport Layer Security

Cisco SR 520-T1 Secure Router

Wireless Terminal Emulation Advanced Terminal Session Management (ATSM) Device Management Stay-Linked

Sage 300 People & Web Self Service Technical Information & System Requirements

NGFW Security Management Center

Brocade Virtual Traffic Manager and Parallels Remote Application Server

Alliance Key Manager A Solution Brief for Partners & Integrators

Security in ECE Systems

APP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform

Ten Security and Reliability Questions to Address Before Implementing ECM

IBM. Security Digital Certificate Manager. IBM i 7.1

Security and Certificates

ipad in Business Security Overview

Data Security and Privacy. Topic 14: Authentication and Key Establishment

IBM SmartCloud Engage Security

Adaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief

NetScaler 2048-bit SSL Performance

GateHouse Logistics. GateHouse Logistics A/S Security Statement. Document Data. Release date: 7 August Number of pages: Version: 3.

Hosted Exchange 2013

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Transcription:

Security Statement Revision Date: 23 April 2009 ISL Online, ISL Light, ISL AlwaysOn, ISL Pronto, and ISL Groop are registered trademarks of XLAB d.o.o. Copyright (c) 2003-2009 XLAB d.o.o. Ljubljana. All rights reserved.

Introduction This document provides the security information to the users of the ISL Online - Internet Communication Services, and applies to the following software products: ISL Light ISL AlwaysOn ISL Pronto ISL Groop We are aware that the security issues are of the utmost importance to you, when using our services. Therefore we have prepared this document, to reveal the detailed technical background of the ISL Online technology and our security policy. The provided information shall help you understand the several security layers implemented in the ISL Online products. We use industry-standard (SSL) security technologies to protect data transfer. The RSA 1024 Bit Public / Private Key Exchange is used to negotiate symmetrical AES 256 Bit end-to-end encoding, and above all, end-user applications are digitally signed by means of a VeriSign Certificate. You are welcome to distribute this document freely to your colleagues, partners or customers in order to clarify the possible security concerns. ISL Online Technology With more than 4 million sessions per year, ISL Online is classified as an important world supplier of the Web Conferencing software. The product family includes: Remote Desktop Support ISL Light enables you to offer your clients assistance by connecting with their PC or Mac via the Internet in less than 30 seconds. View and control the clients desktop, easily transfer files, and make VoIP and video calls. Remote PC Access Use your home and office PC from anywhere in real time. After a quick installation, ISL AlwaysOn provides a secure and fast access to your PC from any Web browser anytime you need it. Live Chat ISL Pronto is a live chat software for online customer service and web support. It creates a link between your personnel and website visitors enabling you to answer their sales inquiries and support requests online. Online Meetings ISL Groop is a web conferencing solution designed for online meetings, presentations, support, webinars and real-time collaboration with your colleagues, partners and customers over the Internet. All ISL Online products are based on the same Internet Communication Platform called ISL Online Network. ISL Online Network, is designed to provide your ISL Online services with maximum security, performance and reliability. Based on our proprietary ISL Grid technology, servers distributed around the globe have been turned into a vast server resource ensuring you a most enjoyable use. The network s architecture is fault tolerant, includes geographically loadbalancing mechanisms, distributed session roaming, and is independent ISL Online Security Statement 2

ISL Online Network Internet Communication Platform of the central server. Not only is the connection relayed through the server with the lowest traffic load, but also the geographically nearest server to both end users. Network of Dedicated Servers High Security (256-bit SSL) Nearly 100% Service Up-time Connection to Optimal Server Automatic Session Reconnection GeoDNS Technology Distributed Database Load Balancing Fault Tolerance Global Client Support Each dedicated server hosts the ISL Conference Proxy application, which relys the connections between the ISL Online users. Hosted Service vs. Server License The Hosted Service (an annual subscription or a pay-per-use basis) uses the advanced ISL Online Network, thus assuring 24/7 availability and stability of the service. The Hosted Service brings you all the benefits of the ISL Grid technology: optimal performance, speed, availability and global coverage. You can use ISL Online services anytime anywhere with anyone. On the other hand, the Server License is not hosted on the ISL Online Network but uses your own server. This suits companies which seek full independence and control over the system. Nevertheless, one needs to realize that bigger independence brings bigger responsibility as ISL Online services availability and performance depend strictly on yourself. Company XLAB is a software developing company founded in 2001 as a member of the largest Technology Park in Slovenia, EU. The company is recognized for its strong computer science research team with a background in the fields of distributed systems, cloud and grid computing and peer-to-peer networks. XLAB is the developer of the product line named ISL Online, which has been providing secure, on-demand Internet communication services for remote desktop support and access, web meetings and instant live chats since 2003. More than 60,000 business users worldwide use the products on a daily basis, thus running over 4 million sessions per year. The ISL Online products are bundled together in an All in One pack to offer anyone from small, midsized and big businesses, to individuals an easier, new and secure way to access PCs, and collaborate with clients, partners and employees in real time. Besides, the ISL Online products enjoy a reputation of being extremely easy to set up and use, technologically superior, and above all, affordable. For any further questions, please feel free to contact us at the addresses given below: XLAB d.o.o. Pot za Brdom 100 SI-1000 Ljubljana Slovenia EU T: +386 8 2000760 F: + 386 8 2000 770 online chat: www.islonline.com sales: sales@islonline.com support: support@islonline.com ISL Online Security Statement 3

Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4

ISL Light Security Policy This section describes the procedure for establishing the ISL Light session and the implemented security layers. Firewall Connection Ports No firewall adjustments are needed to start the remote desktop support session, as the ISL Light automatically initiates an outgoing connection. ISL Light tries to connect using ports 7615, 80 and 443 therefore it works with your existing firewall and does not require any additional configuration. SSL Secured Communication The Secure Sockets Layer (SSL) cryptographic protocol provides security and data integrity of the communication. For each ISL Light connection an additional SSL layer is established over the HTTP protocol. Widelly tested and used OpenSSL library is used for the SSL implementation. 5

RSA 1024 Bit Public /Private Key Exchange To initiate the remote desktop support connection with a client, the helpdesk operator needs to start the ISL Light Desk application which carries an RSA 1024 Bit Public Key of the ISL Conference Proxy server. The initial connection is established when the Public Key of the ISL Light Desk application and the Private Key of the ISL Conference Proxy server are verified and exchanged successully. The industry standard X.509 certificates are used to guarantee authenticity of transmission. This PKI (Public Key Infrastructure) prevents the»man-in-the-middle-attacks«. Upon the successful RSA 1024 Bit Public / Private Key Exchange the Diffie- Hellman cryptographic algorithm is used to exchange symmetrical AES 256 Bit keys. After the exchange all subsequent communication between the ISL Light Desk application and the ISL Conference Proxy server is encrypted using a symmetrical AES 256 Bit keys. User Authentication The helpdesk operator needs to be a registrated ISL Online user with a valid username and password. To obtain a unique session code, the operator needs to be identified by providing the username and password to the ISL Conference Proxy server. The AES 256 Bit encrypted username and password are sent to the ISL Conference Proxy for the verification. Username and password is checked against ISL Conference Proxy user database. Alternatively, when using the Server License, different types of the authentication schemes can be integrated within the ISL Conference Proxy, like the RADIUS or LDAP authentication. Session Code Upon the successful authentication, a unique session code is generated by the ISL Conference Proxy server and returned to the ISL Light Desk application through the AES 256 Bit encrypted channel. The helpdesk operator needs to pass the session code (for example over the phone) to the client, who enters the session code in the ISL Light Client application and initiates the connection with the ISL Conference Proxy server. The ISL Light Client application carries an RSA 1024 Bit Public Key of the ISL Conference Proxy server. The initial connection is established when the Public Key of the ISL Light Client application and the Private Key of the ISL Conference Proxy server are verified and exchanged successfully. The industry standard X.509 certificates are used to guarantee authenticity of transmission. This PKI (Public Key Infrastructure) prevents the»man-inthe-middle-attacks«. RSA 1024 Bit Public / Private Key Exchange with the Diffie-Hellman cryptographic algorithm is used to exchange symmetrical AES 256 Bit keys. After the exchange all subsequent communication between the ISL Light Client application and the ISL Conference Proxy server is encrypted using a symmetrical AES 256 Bit keys. 6

The unique session code is sent through the AES 256 Bit encrypted channel from the ISL Light Client to the ISL Conference Proxy. Based on the unique session code, the ISL Conference Proxy matches together the ISL Light Desk and the ISL Light Client applications. The session code is invalidated immediately after the connection is established between the ISL Light Client and the ISL Light Desk. AES 256 Bit End-to-End Encryption Once the ISL Light Desk and the ISL Light Client applications are matched on the ISL Conference Proxy server by the means of the identical unique session code the new SSL handshake is started. The ISL Light Client application carries an RSA 1024 Bit Public Key of the ISL Light Desk application. The initial connection is established when the Public Key of the ISL Light Client application and the Private Key of the ISL Light Desk application are verified and exchanged successfully. The industry standard X.509 certificates are used to guarantee authenticity of transmission. This PKI (Public Key Infrastructure) prevents the»man-inthe-middle-attacks«. RSA 1024 Bit Public / Private Key Exchange with the Diffie-Hellman cryptographic algorithm is used to exchange symmetrical AES 256 Bit keys. After the exchange all subsequent communication between the ISL Light Client application and the ISL Light Desk application is encrypted using a symmetrical AES 256 Bit keys. AES 256 Bit encrypted data transfer end-to-end SSL tunnel is established between the ISL Light Desk and the ISL Light Client applications. All the information exchanged between the helpdesk operator and the client is encrypted from end-to-end, meaning that even the ISL Conference Proxy cannot decrypt the content of the session but only transfers the packets from one side to another. Session data storage The data transferred between the ISL Light Desk and ISL Light Client during the session (desktop sharing images, files, audio/video communication, etc.) is NOT stored on the ISL Conference Proxy server. Only the basic session parameters (IP addresses of the ISL Light Desk/Client, session length, bytes transferred, end of session dialogs, etc.) are stored on the ISL Conference Proxy server. The ISL Light sessions can also be recorded. However the ISL Light Desk and the ISL Light Client users are always notified when the session recording starts and stops. Session recording files are stored locally, on the ISL Light Desk or ISL Light Client computer. Code Signing ISL Light Desk and ISL Light Client applications are digitally signed by means of a VeriSign Code Signing certificate, which reliably identifies XLAB as the software publisher and guarantees that the code has not been altered or corrupted since it was signed with a time-stamped digital signature. 7

Datacenters The ISL Online Network s dedicated servers are hosted by the professional datacenters round the globe. We only choose highly reliable and industryproven datacenters with modern facilities and equipment, such as redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and security devices. We solely control the servers running the ISL Conference Proxy application and have strict administrative password storage policy. Due to the AES 256 Bit end-to-end encryption security policy even the administrators of the network cannot see the content of the sessions. For most security delicate organizations such as banks, national agencies, corporate environments etc., we offer the Server License model, where the ISL Conference Proxy application is installed on the server within such organization. In this case, all ISL Light connections are established through the ISL Conference Proxy installed on the server running in the organization, completely independent from the ISL Online Network. As the Server License installation is a stand-alone system, the organization is solely responsible for the server s administration. Function Transparency ISL Light is designed for providing the remote support to the clients over the internet but only upon the client s explicit request. The client initiates the session and the client can also terminate the session anytime. During the session, the client is asked for permissions to start the desktop sharing, enable the remote keyboard and mouse control, send and receive files, turn on or off the audio and video communication etc. Even when the operator has a full remote desktop control over the client s PC, the client can easily revoke the control from the operator by simply moving the mouse. The functionality of the software is totally transparent, meaning that the application is never running in the background. The client is always aware of the running session and can follow the actions performed by the helpdesk operator all the time. Once the session is terminated, the helpdesk operator cannot access the client s computer again with the same session code. Program Executables Integrity The Quality Assurance policy is implemented in the cycle of the ISL Online product development. All program applications need to go through the following stages: Development Release Candidate Testing Official Release Distribution User Download 8

We guarantee that the software applications we develop reach the final destination intact. Several mechanisms are implemented to assure that: A branch is created in the development source tree for each release. This assures that smaller improvements on the minor release are always implemented on the level of the specific source branch, which is thoroughly tested. The release candidate application executables are signed using the proprietary algorithm by the secure key which is accessible to the ISL Online release team only. In the testing department a team of experts is responsible for the quality control of each software branch. When the release candidate is approved by the testing department, the official release of the application executables are signed using the proprietary algorithm by the secure key which is accessible to the ISL Online release team only. When the official release is deployed, the proprietary signature is verified by the ISL Conference Proxy. The software applications downloaded by the user are additionally signed by means of a VeriSign Code Signing certificate, which reliably identifies XLAB as the software publisher and guarantees that the code has not been altered or corrupted since it was signed with a timestamped digital signature. This process assures the integrity of the ISL Online application executables from the development stage to the user download. 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback