Security Description. FastViewer GmbH. Seite 1

Transcription

1 Security Description Seite 1

2 TABLE OF CONTENTS General Procedure Overview of Connection Setup General Security Features Security Features (Modules) Certificates Used (Codes) Certificates Used (SSL) External Certificates Data Protection Seite 2

3 GENERAL PROCEDURE Encryption method and data security The master module first obtains a list of the actively available FastViewer communication servers from multiple redundant web servers over HTTP. The master module looks for the fastest communication server, which is used for the subsequent session. This guarantees 100% reliability. The FastViewer Customer Portal can be used to configure whether communication should occur via servers distributed worldwide, across Europe, or exclusively in Germany. The master module then connects to the selected FastViewer communication server. It does this via port 5000 (TCP), port 443 (HTTPS) or port 80 (HTTP) or an existing proxy server, if present. The 6-digit session ID is obtained via this connection. This session ID is usually transmitted to the session partner over the telephone or by . The session partner then enters the obtained session ID into the client module. The client module also obtains the list of actively available FastViewer communication servers. The client module connects to the FastViewer communication server via port 5000 (TCP), port 443 (HTTPS) or port 80 (HTTP) or via an existing proxy server, if present. The master module and the client module then negotiate a 256-bit AES key (using the Rijndael algorithm). To ensure that data cannot be read at either the FastViewer communication server or at any other point in the connection, the rest of the communication takes place only via the 256- bit AES-encrypted connection. The FastViewer communication server is NOT able to decrypt the data because it is never in possession of the 256-bit AES key (see also the TÜV certificate)! The screen transfer then occurs in the desired direction. The session partner can stop the remote control at any time by pressing the "F11 key" on his or her keyboard. 1 Seite 3

4 GENERAL PROCEDURE Security features of FastViewer Secure Advisor With FastViewer Secure Advisor, a particularly intensive level of protection is required. This is ensured by triple security mechanisms: 1 Since the installed remote client requires only an outbound connection, remote access from the outside is not visible. Consequently, no hacker attacks are possible because no incoming port is open. 2 FastViewer works like a debit card with a PIN. Login requires possession of the appropriate FastViewer EXE file for the client and knowledge of the right login credentials. 3 Additional protection to guarantee security is provided through the Windows login. Extended protection mechanism through SMS authentication In addition to the previously mentioned security features, an SMS authentication function is available. To enable access the overview of remote devices, it is necessary to enter a login code, which is sent to the respective registered phone number. This ensures that remote maintenance sessions on remote clients are only possible exclusively by authorized personnel. Independence through own server solution Another possibility is to use your own server solution. This solution can be used completely independently of our IT infrastructure. All sessions are handled through your own server independently of the FastViewer communication servers. This variant uses the same security standards as described above. Multiple redundant systems can guarantee reliability. Rijndael algorithm In the year 2000, the National Institute of Standards and Technology established the Rijndael algorithm as the official standard, known as the Advanced Encryption Standard (AES). Fifteen potential candidates were involved in the three-year selection process. During the competition, the encryption formulas of the individual candidates were made public so that they could be tested (attacked) publicly by the competitors. From among the finalists, the Rijndael algorithm was selected as providing the "best combination of security, performance and effectiveness." (Source: ) 2 Seite 4

5 OVERVIEW SETTING UP A CONNECTION 1 Redundancy The master module looks for the fastest available communication server, which is then used for the subsequent session. If you are using your own server solution, a list of the available communication servers is stored in both the master module and the client module. If you are using multiple servers of your own, or if the FastViewer server is being used, the master module checks which server can respond the fastest to the request. This server provides the session ID and acts as the communication server for the session. This approach ensures a uniform load on the servers. The load is distributed automatically. 300 ms ms 1000 ms Closed corporate network etc. 1 Strict separation of servers If customers use their own server solution, the connection is set up only to the defined servers. If different versions are used, the FastViewer update server is accessed, unless the customers provide the versions themselves. This access can be securely prevented on request. In short, it is possible to ensure exclusive and secure communications within a defined corporate network. 3 Seite 5

6 GENERAL SECURITY FEATURES CRC check A checksum is built into the program code when compiling the EXE files. If this checksum is modified or hacked using a tool, the program can no longer be started due to a checksum error. This effectively prevents unwanted changes to the program code and ensures the functionality of all the defined security features. Video recording A video recording, which starts automatically on request, can be activated for verification purposes at both the customer and supporter ends. The video file is linked to the player in a separate, unmodifiable format and is output as an independent EXE file. This prevents subsequent manipulation. Log files After a session, a comprehensive log is made available, which allows conclusions to be drawn about the duration (start and end), host names and IP addresses involved. This log can be exported for evaluation purposes. Access is enabled via either the FastViewer-specific customer portal or the log viewer (if you are using your own server solution). Installation-free FastViewer is an application that does not have to be installed by either the supporter or the customer (except for Secure Advisor Remote Client, which is installed as a service). After a remote maintenance session, the program modules exit cleanly without any residual effects. This means that no interventions into the customer system and subsequent access to the remote system are possible. 4 Seite 6

7 SECURITY FEATURES (MODULES) Video recording 2 Logging The master and client modules independently enable the active session to be recorded. The video is saved in a separate format and permanently linked to our own player. At the remote end, it is always apparent when a video recording takes place. Information on the session being conducted is stored in an online log during a session. This information includes the FastViewer user name, session ID, number of participants, FastViewer version number, Windows login name, host names, IP addresses, free-text items and time stamp. The logs can be evaluated and exported via the customer portal or by using a separate tool if you are using your own server solution. 3 User Management 4 Pause function The user management can protect the master module against unauthorized access. The presenter can pause the active session at any time. This freezes image transmission. 5 Protection functions 6 Active Directory The user always retains control over the remote maintenance activities. The control rights can be withdrawn from the supporter by pressing the F11 key. The user has the option of canceling file access or the entire session at any time. Exported user keys can also be read from an existing Active Directory. These keys protect the module from being executed outside the domain. 7 Black list / White list 8 Application filter A black list or white list can be configured in the customer portal to make applications selectively available or to block access. This setting cannot be changed during the active session. Before the remote desktop is transmitted, the presenter has the opportunity to select the specific applications to be transmitted. You can also follow the same procedure for the desktop and task bar or newly launched applications. Security You can, description of course, also share the entire desktop. 5 Seite 7

8 SECURITY FEATURES (MODULES) Features 10 Ending a session All features can be configured via the customer portal. This makes it possible to customize the interaction between all security features. For example, file transfer and file storage can be prevented. Client control can also be prevented. The customer is able to end the session at any time. This is done by clicking on the Close button in the FastViewer sidebar. In addition, the customer has the option to stop the remote control by pressing the "F11 key" on his or her keyboard. The customer can thus actively prevent changes to his or her system and terminate access. 11 File transfer If the remote system is accessed by file transfer during an active session, multiple security barriers go into effect. The supported customer must approve the file transfer. If the approval is not granted, the file system cannot be accessed. A shared file transfer or file system access can, of course, also be canceled at any time. 6 Seite 8

9 SECURITY FEATURES (MODULES) Secure Advisor (Remote Access) Especially intensive protection mechanisms, which are carried out in addition to the activities described above, are needed for the remote access (installed service) of FastViewer Secure Advisor. 12 Outgoing connection 13 Access restriction The remote client is invisible to outside attacks due to its exclusively outgoing connection. Access is enabled only through the input of a user name and the associated password. 14 As secure as a debit card 15 Windows protection FastViewer works like a debit card with a PIN. Login requires possession of the appropriate FastViewer EXE file for the client and knowledge of the right login data. Additional protection is provided by the upstream Windows application of the client (subject to the respective Windows security settings). 16 Service settings 17 Timeout The user must activate the service to grant access (configurable). A timeout can be set. The customer decides whether or not access is granted after this timeout. 7 Seite 9

10 CERTIFICATES USED (CODE) Thawte code signing A thawte code-signing certificate is strongly recommended for all publishers who distribute code or content over the Internet or corporate extranets and who must ensure the integrity and authorship of that code. Features and benefits Signing of active content such as ActiveX, macros, MIDlet (J2ME) and Java Applets for secure electronic distribution via the Internet. This authenticated digital signature is used to efficiently verify your software source before it is downloaded: This ensures that your active content or code cannot be maliciously modified, grants your users access to the responsible publisher and offers the advantage of the secure thawte certification procedure on a global level. Online certificate status A major software vendor has released a beta version of its browser, which automatically checks the certificate status. This new testing protocol will accelerate thawte certificate validation, while reducing the misuse of invalid certificates and displaying the company data immediately to the end user. thawte has invested in its infrastructure and now offers a new "online certificate status protocol (OCSP)" instead of the old "certificate revocation lists (CRL)". Not all CAs can offer and support this service. For more information, visit 8 Seite 10

11 CERTIFICATES USED (SSL) Server certificate requests By default, FastViewer communication occurs over TCP 5000 or over HTTPS 443 or HTTP 80 as alternatives. Customers who use their own server solution of FastViewer can decide which ports to use for the communication. Operating FastViewer exclusively over HTTPS provides enhanced security, since this makes it possible to verify the "authenticity" of the tunnel server(s) by the standard SSL encryption method. The communication server requires an IP address and an SSL certificate to operate using HTTPS. Viewers can check which protocol is connecting them to the tunnel server in the FastViewer connection. It is possible to allow only valid HTTPS connections on a proxy server or firewall, which means that a connection will only be established if valid SSL certificates are recorded on the tunnel server. The SSL certificate can be easily checked by calling it from Internet Explorer. e.g.: -> Right mouse button: Properties -> Certificates Authentication Authentication is used so that each party can verify the identity of the other party to the connection - a problem that is becoming more and more significant due to phishing attacks. HTTPS HTTPS is used for encrypting and authenticating communication between web servers and browsers on the World Wide Web. Syntax HTTPS is syntactically identical to the scheme for HTTP; the additional encryption of data is done via SSL/TLS: a protected identification and authentication of the communicating parties is initially performed using the SSL handshake protocol. A shared symmetrical session key is then exchanged using asymmetrical encryption or the Diffie- Hellman key exchange. This method is ultimately used to encrypt the user data. 9 Seite 11

12 EXTERNAL CERTIFICATES TÜV Süd We require our communication solution to meet the strictest data security standards. We subjected our software to one of the toughest tests so that the people you deal with will have complete confidence in you and the solution you have deployed. FastViewer is the world's first desktop sharing solution that has received the TÜV SÜD certificate for data security and functionality. FastViewer Instant Meeting (formerly Confered) and Secure Advisor (formerly Supported) were meticulously tested for functionality and data security according to the guidelines: ISO/IEC 25051:2014 (functionality), PPP 13011:2008 (data security & safety) BISG The German Federal Association of IT Experts and Consultants (BISG) has awarded FastViewer its prestigious seal of quality and describes the product's performance as "very good." In particular, the testers praised the product's lean architecture, installationfree use, outstanding handling and excellent stability. The testers also praised the fact that the user interface is transparently designed for users and thus avoids a steep learning curve. All in all, it is rated as an excellent product. FastViewer offers all options for connection types as well, including, for example, an HTTP client for tunnel connections (even behind firewalls), secure direct connections (encrypted) and direct connections. Since Fast- Viewer never acts as a server, it also meets modern security guidelines without sacrificing balanced performance. The German Federal Association made the following concluding comments: "In summary, FastViewer is a product that is impressive in its flexibility and user-friendliness". 10 Seite 12

13 DATA PROTECTION BDSG excerpt The following is an overview of the data protection aspects relevant to FastViewer, as regulated in Section 9, Technical and Organizational Measures, of the BDSG (German Federal Data Protection Act). 1. Access control Unauthorized persons must be prevented from accessing data processing systems with which personal data is processed or used. The server room of FastViewer can only be accessed by persons authorized to enter the server room. The lock on the steel door to this room prevents unauthorized access by external or third parties. 3. Access control Steps must be taken to ensure that persons authorized to use a data processing system have access only to the data they are authorized to access, and that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. Personal data can be edited only by administrators using their access authorization. Employees cannot edit or copy personal data stored in the system or manipulate this data in any other unauthorized manner. Employees are divided into groups that have different access authorizations for the data records. This is guaranteed by a Windows server structure in conjunction with the "Active Directory." 2. Access control Steps must be taken to prevent unauthorized third parties from using data processing systems. Access to the premises of the data processing equipment is protected, and all equipment and IT systems are provided with constantly changing passwords. These passwords are changed on a monthly basis. If a user does not change the password, the system will force him or her to do so. 11 Seite 13

14 DATA PROTECTION 4. Disclosure control Steps must be taken to ensure that personal data cannot be read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media, and that it is possible to determine and check to which entities personal data is to be transferred using data transmission facilities. Personal data from the IT system is protected against unauthorized copying to data media. In the case of FastViewer, data is generally not copied to data media and used outside the company. If an employee works in the field over a VPN connection, access is protected by a firewall and corresponding antivirus, spyware removal and anti-hacker software. Protection is provided from both the server and the user computers by installing corresponding software. Antivirus software: Sophos Endpoint Security and Control Hardware firewall: Sophos UTM9 (Internet gateway with incoming and outgoing virus scans as well as spyware checks). 6. Input control Steps must be taken to ensure that it is possible after the fact to check and ascertain whether personal data has been entered into, altered or removed from data processing systems and if so, by whom. Every modification, deletion or processing of data and data records is stored in the FastViewer IT system (Selectline inventory management system). It is possible to track which user has made what change and when, etc., at any time. This report is visible only to administrators and is analyzed and monitored on a weekly basis. 6. Job control Steps must be taken to ensure that personal data processed on behalf of others is processed strictly in compliance with the controller's instructions. Only administrators have the authorization to edit personal data. These administrators can edit the relevant data in accordance with the written instructions of the client. 12 Seite 14

15 DATA PROTECTION 7. Availability control Steps must be taken to ensure that personal data is protected against accidental destruction or loss. The servers are backed up fully on a daily basis. All servers have mirrored hard drives in RAID systems and are equipped with redundant components. The equipment used can be remotely serviced and administered at any time via the FastViewer software solution. The communication servers used for this purpose are located in highly secure data centers. For the connections themselves, one of the highest quality encryption methods is used to ensure an appropriate security standard. (256 bit AES) 8. Separation control Steps must be taken to ensure that data collected for different purposes can be processed separately. Our system guarantees that data collected for different purposes can also be processed separately. This data is stored in the inventory management system (Selectline). All critical systems are subject to permanent monitoring through the monitoring software of the manufacturer Paessler. If critical values regarding the availability or performance of the networks or used devices are reached, the supervising administrators are notified immediately by /sms. The targeted monitoring of system components and processes helps prevent system bottlenecks, congestion and failures. Due to the comprehensive functionality of the monitoring systems by Paessler, it is possible to monitor and document the overall status of the network as well as the individual devices 24 hours a day. The monitoring report is regularly evaluated by an authorized administrator. 13 Seite 15