Security Tips

We understand that information security is of utmost importance to you when it comes to establishing remote desktop connections. We apply industry-standard security technologies to protect your data and comply with the strictest security standards.

ISL Online secures its remote desktop traffic using RSA 2048/4096-bit public/private key exchange and AES 256-bit end-to-end encryption.

To establish a remote desktop support connection with a client, the helpdesk operator needs to start the ISL Light application, which carries an RSA 2048/4096-bit Public Key of the ISL Online server. The initial connection is established when the Public Key of the ISL Light application and the Private Key of the ISL Online server are verified and exchanged. Upon a successful RSA key exchange, the Diffie-Hellman cryptographic algorithm is used to exchange symmetrical AES 256-bit keys.

The software supports two-factor authentication, exportable audit logs, automatic session recording and external authentication.

For more details, read our security statement.

Below we want to give you a quick insight into some of the most important features ISL Online provides to guarantee secure use of remote desktop software.

Login

When you log in to your account or ISL Light, we recommend that you use a strong password and set up two-factor authentication to make your account more secure.

Use strong account password

The security of your data depends not only on the strength of the encryption method but also on the strength of your password.

To help you create a strong password, ISL Online's password security policy is based upon the latest NIST specifications. Your password must be at least 8 characters long. You are allowed to use any printable ASCII characters and spaces, while any leading and trailing spaces will be removed. Your password is checked against the blacklist, which consists of the most common and simple passwords.

Set two-factor authentication

Two-factor authentication (2FA) is an extra layer of security for help desk technicians and IT professionals. With 2FA enabled, operators can only log in to the ISL Online system by going through a two-step verification process by providing something they know (password) and something they have (2FA token).

How to set up two-factor authentication

Important: We recommend setting up more than one two-factor authentication method, such as phone and e-mail. This gives you more options for logging in if you lose your access.

External Authentication (Server License)

Various types of authentication schemes can be integrated into the ISL Online system, such as OpenLDAP, Microsoft Active Directory, Novell eDirectory, or RADIUS. When external authentication is configured, operator access rights and permissions to use the ISL Online software are managed by IT administrators using their corporate user management directories.

Read manual

Access Password

When you install unattended access (ISL AlwaysOn) on a remote computer, you need to create a secure access password. This will be your main access password, which you must provide each time you access the remote computer.

Main access password

Main access password is an access password which is defined during installation, and can be used to connect to the remote computer by any user.

Read manual

Connection access password

You can create different passwords for users with whom you have already shared access. They can be created manually in the ISL AlwaysOn settings.

Read manual

One-Time Access Password

Generate one-time passwords manually in the ISL AlwaysOn settings. Each can be used only once.

Read manual Watch the video (0:58)

Additional Settings

The ISL AlwaysOn settings allow you to modify or customise several security settings for connecting to an unattended computer.

Show notification of incoming connection

Allows the client to see a countdown notification when a connection is being established to their computer. You can specify the timeout and the options available to the local user. After timeout the default action is executed if the remote user is allowed to reject connection.

Allow local user to reject the connection

This option becomes available if you have enabled the "Show notification of incoming connection" option. The local user sees a notification that gives them the option to accept or reject the connection made by the supporter.

Lock computer when session starts

Lock the remote computer at the start of the session; you will need to enter the account credentials to log in.

Lock computer when streaming and there is no network connection

If the connection is interrupted, the remote computer is locked automatically.

Lock computer when session ends

Automatically lock the computer at the end of the session.

Enable black screen when session starts

The local user will see a black screen when the remote session is active.

Length of delay before black screen is stopped after ESC has been pressed (in seconds)

Set the timeout in seconds that starts when you press ESC. Once timed out, the black screen is disabled and the local client can see the screen. The maximum timeout is 180 seconds.

Read manual

E-mail notifications

Receive an email notification each time a remote access session starts, stops, fails or a file is downloaded on a specific computer.

Read manual Watch the video (0:58)

Access Filters

For security reasons you can restrict the use of ISL Online software to within your company. You can restrict data access to the ISL Online servers based on IP and MAC addresses. Use the "allow" function to specify the list of IP and MAC addresses that are permitted to start a remote support session or access an unattended computer. Conversely, you can use the "deny" function to specify the list of IP and MAC addresses that are not permitted. These rules can be defined for a specific user or for the entire domain on the ISL Online server.

For example, you can allow your employees to generate access codes only from the office (within the range of your IP address).

Example:

deny_ip 192.168.0.14

allow_ip 192.168.0.13/255.255.255.0

allow_mac 00-19-d1-06-c9

Important:

IP and MAC addresses can be spoofed, so filters alone are not a substitute for a strong access password!
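
The allow/deny rules above, evaluated against sample clients, as an added example (not ISL Online's own code). It assumes that deny rules take precedence and that any allow rule makes the list exclusive, neither of which the page specifies; the MAC address in the sample is constructed.

```python
import ipaddress

# Constructed rule set: the two IP rules are the page's sample lines; the MAC
# is a made-up, locally administered six-octet address.
SAMPLE_RULES = """\
deny_ip 192.168.0.14
allow_ip 192.168.0.13/255.255.255.0
allow_mac 02-00-00-00-00-01
"""


def norm_mac(mac):
    """Lower-case a MAC, drop '-'/':' separators, insist on six octets."""
    digits = mac.lower().replace("-", "").replace(":", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return digits


def parse_rules(text):
    """Parse 'keyword value' lines into lists of networks and MACs."""
    rules = {"deny_ip": [], "allow_ip": [], "allow_mac": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        keyword, value = line.split()
        if keyword not in rules:
            raise ValueError(f"unknown rule keyword: {keyword!r}")
        if keyword.endswith("_ip"):
            # strict=False accepts a host address plus mask, as in
            # 192.168.0.13/255.255.255.0, and widens it to 192.168.0.0/24.
            rules[keyword].append(ipaddress.ip_network(value, strict=False))
        else:
            rules[keyword].append(norm_mac(value))
    return rules


def is_permitted(rules, ip, mac):
    """Assumed semantics: deny beats allow; any allow rule is exclusive."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in rules["deny_ip"]):
        return False
    if not rules["allow_ip"] and not rules["allow_mac"]:
        return True  # nothing to restrict to
    return (any(addr in net for net in rules["allow_ip"])
            or norm_mac(mac) in rules["allow_mac"])
```

Under these assumptions 192.168.0.14 is refused even though it sits inside the allowed /24, and a client outside the subnet is admitted only because of its MAC address, the very value the warning above says can be spoofed.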

Read manual Watch the video (0:34)

Port Filtering

Good remote desktop software works without the need for any firewall adjustments.

With ISL Online your firewall can remain untouched, since ISL Light automatically initiates a continuous connection, attempting to connect using ports 7615, 80 or 443.

However, larger companies usually have specific policies on the configuration of their firewalls or proxies. System administrators should open port 7615 to allow only ISL Online traffic through while the rest continues to be filtered. They can also configure DNS name or IP exceptions.

Regardless of the network configuration ISL Online apps will automatically try different approaches to find working transport (detecting proxy settings, using WinINet, creating a tunnel, making use of the wildcard DNS etc.).

Read manual

Computer Access History

Search for connections that have been established on your account, desktop connection timestamps, and other useful information.

Read manual Watch the video (0:34)

Feature Restriction

Remote desktop software is a universal tool, used virtually in all industries. Accordingly, there are countless different use cases which call for very flexible solutions that allow restriction on features to adhere to distinct security standards.

ISL Online allows you to restrict features that are available within a session: taking control of the remote computer, transferring files between customer and operator and many other features.

An example of where restricting a feature is essential: a bank employee should be able to see a client's computer screen, but should never be able to start sharing his/her own desktop. In this case, desktop sharing on the desk side can be disabled.

Read manual

Intranet (LAN-only) Option

Some large organisations only use ISL Online for their internal support across different geographical locations. In such cases remote desktop software must allow establishing remote desktop sessions within a local area network (LAN) only.

If you plan to use ISL Online only within your LAN (intranet), there is no need for a public IP address. You only need a private address in the private network range (as specified in RFC 1918).

Top Questions

  • Which ports need to be opened for hosted solutions?

    Port 7615 is the preferred choice and you can think of it as the standard ISL Online port, just like 22 is ssh, 23 telnet, 25 smtp, 3389 rdp etc. - you can also find it in the list of ports at wikipedia.

    Having a dedicated port is very convenient. If necessary, open port 7615 and all ISL Online products will work perfectly. With 80/443, the admin would find it difficult to allow ISL Online while limiting the other traffic that also passes through those ports.

    In general, the first thing to consider when dealing with a proxy environment is to check with the system/network administrator if it is possible to make an exception. This does not mean that you completely disable the proxy, just let the ISL Online traffic through directly and keep filtering the rest. If the proxy supports DNS name exceptions, then allow direct outgoing TCP connections for port 7615 to *.islonline.net. If the proxy supports only IP number exceptions, check this link for a current list of our server IPs. A direct connection offers the best performance and minimum delays.

    In an ideal world of direct connections and flexible security policies, the story would end here, but since there are many customers behind corporate firewalls/proxies where only http and https traffic is allowed (so, port 80 and/or 443) and system/network administrators do not want or are not allowed to add exceptions, we also support that and our applications try to find a working transport even in those situations (detect proxy settings, use wininet, create a tunnel, make use of the wildcard dns - helps with some proxies, etc.).

    Situations where such filtering is involved can suffer from additional delays, mainly due to transport timeouts in the connection establishment process. ISL Online products always (well, unless you force a certain transport type through registry or command line) try direct connection using port 7615 and if that fails, they try ports 80 and 443 with various proxy methods. Each transport type has a timeout of 7 seconds and on windows we try 8 transport types, so if it is the last one that gets through, this means almost 1 minute delay. If a customer complains about long delays, the best thing to do is connect to the problematic computer and click find best transport in our utility connection tester. It will show you a list of successful transports along with the average transfer rate, delays etc. These results will allow you to force the best transport. Both you and your customer will appreciate the reduced connection delay.

    If you need help when dealing with ISL Online products in proxy environments, you can contact ISL Online team over the telephone, via e-mail or through our live chat.

  • How long does an ISL Light session stay recorded in the system?

    A session is active while ISL Light is active. When ISL Light is closed or only the session is closed by pressing "End Session" button, the session is not active any more. The system keeps the basic session info (ISL Light and Client computers' IP numbers, chat transcript, amount of transferred data etc.). The session can also be automatically terminated after specified user idle time (link). Idle time counts as time from the last user action on the computer.

  • How do I configure my firewall?

    If you do not filter connections, no change is needed. However, if you do filter, allow-list all connections to *.islonline.net.

  • How do I configure my firewall if it does not allow DNS lists? Which IP addresses should I allow?

    Please refer to list of servers for an up-to-date list of our server IP addresses. However, please keep in mind that the list of our servers changes over time (new servers are added, old servers are decommissioned), so you should check the provided link every now and then and update your firewall appropriately. Alternatively, an intermediary ISL Online forward proxy can be configured to minimize the list of rules and keep maintenance to a minimum. For additional information, please refer to the manual.

  • Is the connection encrypted throughout the session and does it connect through a server or directly (peer to peer)?

    The connection uses end-to-end SSL encryption. After the session is established, the traffic still goes over the server, but the server cannot read the data (everything is encrypted end-to-end). For added security, you also have the option of Server license, so you can install the server yourself.

  • Is your ISL Light safe against hackers?

    ISL Light uses industry standard SSL/TLS encryption. You can be sure that your session is private - it is encrypted end-to-end - from ISL Light Client to ISL Light. The client also has to allow each action, so the operator cannot just take over your computer. You do not need to change anything in your Operating System settings. For additional information, please refer to the security.

  • Does the session continue if my local IP changes in the middle of a session?

    Yes, ISL Light reconnects to the server, almost as if you had unplugged a cable and plugged it back in.
