We understand that information security is of utmost importance to you when it comes to establishing remote desktop connections. We apply industry-standard security technologies to protect your data and comply with the strictest security standards.
ISL Online secures its remote desktop traffic using RSA 2048/4096-bit public/private key exchange and AES 256-bit end-to-end encryption.
To establish a remote desktop support connection with a client, the helpdesk operator needs to start the ISL Light application, which carries an RSA 2048/4096-bit Public Key of the ISL Online server. The initial connection is established when the Public Key of the ISL Light application and the Private Key of the ISL Online server are verified and exchanged. Upon a successful RSA key exchange, the Diffie-Hellman cryptographic algorithm is used to exchange symmetrical AES 256-bit keys.
The software supports two-factor authentication, exportable audit logs, automatic session recording and external authentication.
For a more detailed overview please read our security statement.
Below we want to give you a quick insight into some of the most important features ISL Online provides to guarantee secure use of remote desktop software.
When you log into your account or ISL Light, we recommend using a strong password and setting two-factor authentication to make your account more secure.
Use strong account password
The security of your data depends not only on the strength of the encryption method but also on the strength of your password.
To help you create a strong password, ISL Online's password security policy is based upon the latest NIST specifications. Your password must be at least 8 characters long. You are allowed to use any printable ASCII characters and spaces, while any leading and trailing spaces will be removed. Your password is checked against the blacklist, which consists of the most common and simple passwords.
Set two-factor authentication
Two-factor authentication (2FA) is an extra layer of security for help desk technicians and IT professionals. With 2FA enabled, operators can only log in to the ISL Online system by going through a two-step verification process by providing something they know (password) and something they have (2FA token).
External authentication (server license only)
Various types of authentication schemes can be integrated into the ISL Online system, such as OpenLDAP, Microsoft Active Directory, Novell eDirectory, or RADIUS. When external authentication is configured, operator access rights and permissions to use the ISL Online software are managed by IT administrators using their corporate user management directories.
When you install unattended access (ISL AlwaysOn) on a remote computer, you must set a secure access password. This will be your main access password, which you must provide each time you try to access the remote computer.
Main Access Password
Main access password is an access password which is defined during installation, and can be used to connect to the remote computer by any user.
Connection Access Password
If you have shared access to a remote computer with other users in your account, you have the ability to set a different password for each user. Connection access password can be set manually in the ISL AlwaysOn settings.
Generate one-time passwords manually in the ISL AlwaysOn settings. Each one-time password can only be used once to connect to a remote computer.
The ISL AlwaysOn settings allow you to modify or customise several security settings for connecting to an unattended computer.
Show Notification of incoming connection
Allows the client to see a countdown notification when a connection is being established to their computer. You can specify the timeout and the options available to the local user. After timeout the default action is executed if the remote user is allowed to reject connection.
Allow local user to reject connection
This option becomes available if you have enabled the "Show notification of incoming connection" option. The local user sees a notification that gives them the option to accept or reject the connection made by the supporter.
Lock computer when session starts
Lock the remote computer when the session starts, you will have to enter the account info to log in.
Lock computer when streaming and no network connection
If the connection is interrupted while connected to the remote computer, the remote computer is automatically locked.
Lock computer when session ends
Automatically lock the remote computer when session ends.
Enable black screen when session starts
The local user will see a black screen when the remote session is active.
Length of delay before black screen is stopped after ESC has been pressed (in seconds)
Set the timeout in seconds that starts when you press ESC. Once timed out, the black screen is disabled and the local client can see the screen. The maximum timeout is 180 seconds.
Receive an email notification each time a remote access session starts, stops, fails or a file is downloaded on a specific computer.
For security reasons you might want to restrict the use of ISL Online software within your organisation. You are able to limit the data access to ISL Online servers based on the IP and/or MAC addresses. You can use the “allow” function to specify the whitelist of IP/MAC addresses which are allowed to start a remote support session or access an unattended computer. On the other hand, you can use the “deny” function to specify the blacklist of IP/MAC addresses. These rules can be defined for a specific user or the entire domain on the ISL Online server.
For example, you can allow your employees to generate session codes for a remote support session from the office only (your company‘s range of IP addresses).
IP and MAC addresses can be spoofed, so filters alone are not a substitute for a strong access password!
Good remote desktop software works without making any firewall adjustments.
With ISL Online your firewall can remain intact as ISL Light automatically initiates an outgoing connection, trying to connect using ports 7615, 80 or 443.
However, larger organisations normally have a certain policy about the configuration of their firewalls or proxies. System administrators might want to open port 7615 only to pass the ISL Online traffic through directly and keep filtering the rest. They can also configure DNS name exception or IP number exception.
Regardless of the network configuration ISL Online apps will automatically try different approaches to find working transport (detecting proxy settings, using WinINet, creating a tunnel, making use of the wildcard DNS etc.).
Computer Access History
Search connections that have been established within your account, desktop connection timestamps, and other useful information.
Restriction on Features
Remote desktop software is a universal tool, used virtually in all industries. Accordingly, there are countless different use cases which call for very flexible solutions that allow restriction on features to adhere to distinct security standards.
ISL Online allows you to restrict features that are available within a session: taking control of the remote computer, transferring files between customer and operator and many other features.
An example of where restricting a feature is essential: a bank employee should be able to see a client's computer screen, but should never be able to start sharing his/her own desktop. In this case, desktop sharing on the desk side can be disabled.
Intranet (LAN-only) Option
Some large organisations only use ISL Online for their internal support across different geographical locations. In such cases remote desktop software must allow establishing remote desktop sessions within a local area network (LAN) only.
If you plan to use ISL Online within your LAN (intranet) only, there is no need for a public IP address. You only need a private address in the range of private networks (as specified in RFC 1918).