Security Statement


Introduction

Security should be a crucial part of any remote access product, whether you use it for business or personal purposes. ISL AlwaysOn uses maximum security.

ISL AlwaysOn is secured on multiple layers:

1. ISL AlwaysOn computer to ISL Online products user visibility.
2. ISL AlwaysOn computer access password.
3. ISL Light remote desktop session security.
4. MS Windows OS access security scheme.

 

An ISL AlwaysOn connection from a computer to an ISL Conference Proxy server is encrypted with SSL.

ISL AlwaysOn activity can be monitored by tracking the history of accesses to a computer. This report shows which ISL Online users accessed the computer and when they accessed it.

A user can always lock access to his/her computer. By disabling access, the computer becomes inaccessible until further action.

 

Security, 1st layer - ISL AlwaysOn computer to ISL Online products user visibility

To access a remote computer, you need to establish a link between your ISL Online account and the computer you want to add access to. To do this, log into your ISL Online product account at www.islonline.com (see detailed instructions in the Setting up AlwaysOn chapter), where you install ISL AlwaysOn on your computer. Each user has his/her own digitally signed executable identifying his/her ISL Online user account. No other ISL Online user will be able to see the computer or try to start a remote connection if an ISL AlwaysOn computer administrator has not installed a customized ISL AlwaysOn program.

 

Security, 2nd layer - ISL AlwaysOn computer access password

Installing ISL AlwaysOn on a computer does not by itself enable access. To enable access, a strong access password must first be set; ISL AlwaysOn accepts only a strong access password. This password is stored in the Local Machine registry as an MD5 hash. The plain text password is not available anymore.

After installing ISL AlwaysOn and setting an access password, remote access for the specific ISL Online user is finally enabled. Whenever the ISL Online user wants to connect to the remote computer, he/she needs to enter the ISL AlwaysOn access password for each remote access session he/she starts. When connecting to an ISL AlwaysOn computer, the protocol is the following:

 

Step 1. ISL Online products user:

    send encrypt("connect")

Step 2. ISL AlwaysOn computer:

    <challenge> = generate challenge
    send encrypt("authentication_required({chmd5, <challenge>})")

Step 3. ISL Online products user:

    request input of password
    make chal-pass-md5 = md5(challenge, md5(password))
    send encrypt("authenticate({chmd5, <chal-pass-md5>})")

Step 4. ISL AlwaysOn computer:

    request = decrypt(received_data)
    if request[key] = chmd5 then
      load md5-password from registry into memory
      if request[1] = md5(challenge, md5-password) then
        set authenticated user = true
        send encrypt("get_code")
      else
        send encrypt("error authentication failed")
      end
    else
      send encrypt("error authentication not supported")
    end

Step 5. ISL Online products user:

    if received = get_code then
      start ISL Light Desk, request code
      send encrypt("code <ISL Light session code>")
    else
      go to step 3 again
    end

Step 6. ISL AlwaysOn computer:

    received = decrypt(received_data)
    if received = "code <code>" then
      start ISL Light Client with --connect <code>
      set authenticated user = false
    end

Step 7. Both sides:

    ISL Online products user: ISL Light Desk is connected into session
    ISL AlwaysOn computer: ISL Light Client is connected into session
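Added example, not ISL Online's code: a Python model of steps 2 to 4 above, showing that the computer verifies the response using only the stored md5(password) and that a response computed for one challenge does not verify against the challenge of a later connection. Assumptions of this sketch: md5(a, b) is MD5 over the concatenated hex strings, messages are dicts keyed by "chmd5", the class and function names are hypothetical, and the outer encrypt()/decrypt() transport layer is left out.

```python
import hashlib
import hmac
import secrets

def md5_hex(*parts: bytes) -> str:
    """md5(a, b) modelled as MD5 over the concatenated parts (assumption)."""
    h = hashlib.md5()
    for part in parts:
        h.update(part)
    return h.hexdigest()

def stored_hash(password: str) -> str:
    """Value the page says is kept in the Local Machine registry: md5(password)."""
    return md5_hex(password.encode())

def client_response(challenge: str, password: str) -> str:
    """Step 3: chal-pass-md5 = md5(challenge, md5(password))."""
    return md5_hex(challenge.encode(), stored_hash(password).encode())

class AlwaysOnComputer:
    """Steps 2 and 4 on the ISL AlwaysOn computer side (hypothetical class)."""

    def __init__(self, registry_md5: str):
        self.registry_md5 = registry_md5
        self.challenge = None
        self.authenticated = False

    def on_connect(self) -> dict:
        # Step 2: a fresh random challenge for every connection.
        self.challenge = secrets.token_hex(16)
        return {"authentication_required": {"chmd5": self.challenge}}

    def on_authenticate(self, request: dict) -> str:
        # Step 4: chmd5 is the only supported method.
        if "chmd5" not in request:
            return "error authentication not supported"
        if self.challenge is None:  # step 2 has not run on this connection
            return "error authentication failed"
        expected = md5_hex(self.challenge.encode(), self.registry_md5.encode())
        # Constant-time comparison of the two hex digests.
        if hmac.compare_digest(request["chmd5"].encode(), expected.encode()):
            self.authenticated = True
            self.challenge = None
            return "get_code"
        # The challenge stays valid so the user can retry from step 3.
        return "error authentication failed"
```

Because step 4 needs only the stored hash, that registry value deserves the same protection as the password itself.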

 

Security, 3rd layer - ISL Light remote desktop session security

The remote desktop control session is enabled by ISL Light. ISL Light (version 3.1) lets you create an instant remote desktop control session, which is secured with SSL (a 1024-bit RSA key for the handshake and a 256-bit AES session key). Once a session is established, no one can see this session's encrypted data. When an ISL Light session has ended, you cannot connect to the same session again. Read more on ISL Light security at http://www.isllight.com/help/security_statement.htm.

 

Security, 4th layer - MS Windows OS security

Once an ISL Online user is connected to a remote computer, he/she can see the Windows console desktop session running on the computer. It is recommended that the user set passwords for all Windows accounts and disable accounts which are not in use. The user should always log off the computer when not present, so that when accessing the computer he/she needs to type in the Windows account password.

 
Current page URL: http://www.islonline.com/help?p=isl-alwayson&v=1-0&t=iao_security_statement.htm&l=en&f=html&r=689