Securing the NetSupport Client



Similar documents
Differences between Computer and User Templates

Implementing and using the NetSupport Connectivity Server

Installing NetSupport School for use with the NetSupport School Student extension for Google Chrome

NetSupport Manager v11

Deploying NetSupport Manager. or NetSupport School. Overview. Available Installers. There are 4 main ways to install NSM or NSS, these are as follows:

NetSupport School Getting Started Guide

Reporting works by connecting reporting tools directly to the database and retrieving stored information from the database.

Information Services. Accessing the University Network using a Virtual Private Network Connection (VPN), with Windows XP Professional

2X ApplicationServer & LoadBalancer Manual

The FlexiSchools Online Order Management System Installation Guide

NetSupport School Connecting to Student Computers

Linux Getting Started Guide

Installing the Microsoft Network Driver Interface

Global VPN Client Getting Started Guide

Note: This documentation was written using the Samsung Galaxy S5 and Android version 5.0. Configuration may be slightly different.

Remote Access End User Guide (Cisco VPN Client)

Using the ECM VPN with Windows 7

Version 11. Getting Started Guide. Applied Computer Systems, Inc.

Security. The user and group account information for LookoutDirect 4 is kept in the Lookout.sec file, installed in your Windows SYSTEM directory.

pcanywhere Advanced Configuration Guide

Installation and Configuration Guide

IIS, FTP Server and Windows

RemotelyAnywhere. Security Considerations

2X ApplicationServer & LoadBalancer Manual

IT ACCESS CONTROL POLICY

The FlexiSchools Online Order Management System Installation Guide

Do you know what makes NetSupport Manager so unique?

ScoMIS Encryption Service

SSH Secure Client (Telnet & SFTP) Installing & Using SSH Secure Shell for Windows Operation Systems

Apple Mac VPN Service Setting up Remote Desktop

Understanding Task Scheduler FIGURE Task Scheduler. The error reporting screen.

How to Configure Terminal Services for Pro-Watch in Remote Administration Mode (Windows 2000)

Acer Classroom Manager Getting Started Guide

Global VPN Client Getting Started Guide

VNC Server 4.4. Enterprise Edition for Mac OS X. User Guide

Background Deployment 3.1 (1003) Installation and Administration Guide

Installation Guide for Microsoft SQL Server 2008 R2 Express. October 2011 (GUIDE 1)

How to install and use CrossTec Remote Control or SchoolVue in a Virtual and or Terminal Service environment

Netop Remote Control User's Guide. Version 12.20

Comodo MyDLP Software Version 2.0. Endpoint Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

User Guide. You will be presented with a login screen which will ask you for your username and password.

Outgoing VDI Gateways:

QBalance.com. We make QuickBooks work for you. Call Toll-Free: (800) Congratulations! You are using the best accounting software available!

CONNECT-TO-CHOP USER GUIDE

Acer Classroom Manager. Product Manual Version 2

Setting up a VPN connection Windows XP

CIFS Permissions Best Practices Nasuni Corporation Natick, MA

Global VPN Client Getting Started Guide

LogMeIn HIPAA Considerations

THE EDINBURGH NAPIER UNIVERSITY WINDOWS VIRTUAL PRIVATE NETWORK (VPN) GUIDE FOR MAC USERS

Immotec Systems, Inc. SQL Server 2005 Installation Document

Web Deployment on Windows 2012 Server. Updated: August 28, 2013

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY

TeamViewer 7 Manual Remote Control

User's Guide. Product Version: Publication Date: 7/25/2011

NetSupport School: Classroom Management

Host Access Management and Security Server

Classroom Management network FAQ and troubleshooting

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM)

MODEM AND DIAL-UP. Installation/Configuration (Windows 95/98/Me/NT/2000/XP)

VPN Overview. The path for wireless VPN users

User Guide 8.0. Software Copyright AB Software Consulting Ltd. All rights reserved.

Aventail Connect Client with Smart Tunneling

LRDC Computing Services

Phone: Fax: Box: 230

Objectives. At the end of this chapter students should be able to:

VPS Hosting. The Guide to Bet Angel VPS. Getting started with Bet Angel VPS. Revised August Page 1

Additional Security Considerations and Controls for Virtual Private Networks

How To Manage Web Content Management System (Wcm)

Getting Started with Vision 6

NetSupport School NetSupport School. Product Manual Version 11.41

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

NetSupport Manager Getting Started Guide

How to Setup PPTP VPN Between a Windows PPTP Client and the DIR-130.

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

TECHNICAL SUPPORT GUIDE

1. Installation Overview

ThinPoint Quick Start Guide

PLANNING AND DESIGNING GROUP POLICY, PART 1

Remote Vendor Monitoring

Copyright. Disclaimer. Introduction 1. System Requirements Installing the software 4

Windows Operating Systems. Basic Security

How to configure Mac OS X Server

Security Architecture Whitepaper

Arkay Remote Data Backup Client Quick Start Guide

Microsoft. Pro: Upgrading to Windows 7 MCITP Enterprise Desktop Support Technician.

How To Use Egnyte

Getting Started With Halo for Windows For CloudPassage Halo

Setting Up a Backup Domain Controller

Best Practice Document Hints and Tips

Creating and Managing Shared Folders

Remote Desktop Instructions for the Remote PC Running Windows Vista

Symantec PGP Whole Disk Encryption Hands-On Lab V 3.7

Transcription:

Securing the NetSupport Client Environments, Considerations & Requirements. Overview This document is designed to provide an overview of the security features available within NetSupport Manager and NetSupport School. For detailed information on individual functions please refer to the relevant product help files or product manual. NetSupport School Environments. Typically, NetSupport School is implemented within schools, colleges and universities, where the environment is fairly standard and the computers are already locked down often with Active Directory. The types of user roles are also fairly easy to work out and usually consist of Students, Teachers, ICT and Administration staff. NetSupport School often doubles up as a Remote Support tool for the ICT staff. NetSupport School Considerations. When considering how best to secure NetSupport School it is worth taking into account the following: Students will not always co-operate with the Teacher - therefore security features that require the student to perform an action are often not suitable. There should be little or no interaction required from the Student - i.e. User Acknowledgement where a Student can decide whether to allow or disallow the teacher to connect to their computer is not practical in the education environment. Teachers need to be in Control at all times as above if the teacher has to rely on the Student to perform an action in order that they can connect to them they are not in full control of the Student. User Rights unlike a corporate environment where employees may have the right to privacy, students will not have sensitive data that should not be seen by the Teacher. Therefore the requirement to notify the student that you are watching them is less important. In fact the majority of customers do not want the Student to know whether they are being monitored to ensure that they use the computer correctly at all times, regardless of whether NetSupport is

Technical Document running. Students are very clever NetSupport School in the wrong hands could be very disruptive in the educational environment so it is important that there are no back doors that Students could use. It is therefore important to secure NetSupport School. NetSupport School Requirements. Although there will be exceptions, the majority of NetSupport School customers have the following security requirements from NetSupport School: To restrict unauthorised access to the NetSupport Tutor Restrict unauthorised access to the Administration network. Keep things simple and in the Teachers full control. Securing the NetSupport School Tutor Basic Security Only install the Tutor on the Teachers computer If the Tutor program is installed on Students machines it is more accessible and therefore increases the risk of them being able to use it to gain unauthorised remote access to other computers. Secure the computer where the Tutor program is installed If the Teacher leaves their computer unattended the Student may access the Tutor application. It is therefore necessary to apply password protected screen savers and implement a security policy requiring users to lock their computer if leaving it unattended. Restricting which logged on users can run the Tutor program If a Student were to log onto the Teachers computer they should not be able to run the Tutor program. Active Directory or NetSupport Protect are two ways of restricting what applications logged on users can run. NetSupport School Tutor Security options Profiling the NetSupport School Tutor NetSupport School allows you to set up multiple Tutor Profiles for different users, each with a

pre-defined set of options. On start-up, if multiple profiles have been created the NetSupport Tutor program will dialog requiring the Teacher to select which profile to use. Each profile can be configured to connect to a specific group of Students reducing the chance of the Teacher connecting to the wrong computers. Password protecting the Tutor Profiles Setting a password will require the user to enter a password before they can use the selected profile. If the Teacher does not enter the correct password they will not be able to use the profile. Password protecting the Tutor Configurator The Tutor configuration can be protected by setting a password. This acts independently of the Tutor password if set. Each time a Tutor user subsequently wants to make changes to the configuration, they will be prompted to enter the password. Recording Replay Files at the Tutor A security video file recording all mouse movements and keyboard actions of a Teacher while they are connected to the Student can be created. Replay files are stored locally at the Tutor computer. Securing the NetSupport School Student Basic Security Don t install the Student Configurator unless absolutely necessary By installing the NetSupport Student Configurator you are making it more accessible to the Students. NetSupport School Students configurations can be deployed and managed using the NetSupport Deployment utility this is much easier and removes the need to install the Student configurator component onto each computer. If using a Client32.ini file to configure the Student NTFS file security should be applied Although the NetSupport Student configuration file has a checksum to ensure that the configuration cannot be changed easily it is possible to overwrite the client32.ini file with another, less secure one. Therefore the file should always be secured using NTFS file Security to prevent this. If available use Active Directory to configure the Student NetSupport provide Active Directory ADM templates for the configuration of the Student component, these remove the requirement for a client32.ini, and allow central configuration. If

Technical Document available, it is recommended that Student component is configured using Active Directory. NetSupport School Student Security Options Security Key Adding a Security key requires both the Tutor and Student to have the same encrypted key before the Student component will accept a connection.this removes the risk of an unauthorised person installing a Tutor and connecting to computers. User Acknowledgement If enabled, a Remote Control session cannot take place until the Student has confirmed that they accept the connection being made. This option is useful if installing the software on administration networks where potentially sensitive data is displayed. User Acknowledgement will give the User the opportunity to close any sensitive documents before allowing the Remote User to view their screen. Display customisable text when connected and/or Viewing a Student To ensure that a remote user is aware that their computer is being viewed or is connected a message can be displayed on their desktop. Apply a Configurator password As an extra level of security, a password can be associated with a Configuration File. This prevents unauthorised amendment of this Student configuration. When the Configurator is next started, the user must enter the required password before being able to change any Student parameters in this Configuration file. NetSupport Manager Environments. NetSupport Manager is installed in many varying environments; these may be Managed Service Providers requiring remote access to a single computer on a customer s site, financial institutions wishing to remote control their ATM machines, or one of many other scenarios where secure remote access to computers is required. The types of access that remote users are require also depends on their role within the organisation for example, the computer being controlled may be an unattended server and will therefore require security features that do not rely on the user authorising the connection. Alternatively, the remote user may require access to a computer but not access to the data that can be accessed from this computer.

There are several different scenarios and network topologies that require different security features to allow everyone to do their job whilst at the same time not compromising security. NetSupport Manager Considerations. As the security requirements for NetSupport Manager are varied things to be considered also vary. The following are high level areas of consideration when designing a security policy for NetSupport Manager: Securing the Users Computer. Protecting the Users Data. Protecting the Employee (Human rights/privacy). Securing Servers/Unattended Computers. Protecting the Remote User. NetSupport Manager Requirements. The following are some of the requirements that may be included as part of a security policy for NetSupport Manger: Restricting unauthorised access to computers. Restricting unauthorised access to data. Notify users of the remote users actions/intended actions. Providing an Audit of events. Different access for different users/roles. A strong set of security features. Control and Client side security. Securing the NetSupport Manager Control Basic Security. Only install the NetSupport Control where required The NetSupport Control should only be installed where required, if the Control is installed on all computers the risk of it being used to gain remote access to other computers without permission increases considerably. Secure the computer where the NetSupport Control program is installed If the User leaves their computer unattended it may be used without permission, therefore

Technical Document applying password protected screen savers and enforcing policy requiring users to lock their computer if leaving it unattended are important. Restricting which logged on users can run the NetSupport Control program If a unauthorised user were to log onto the Control users computer they should not be able to run the Control program. Active Directory or NetSupport Protect are two ways of restricting what applications logged on users can run. NetSupport Manager Control Security Options The following section lists NetSupport Control security related features. These have been categorised as follows: Securing the NetSupport Manager Control. Protecting the Control User. Protecting the User. Protecting the Data. Securing the NetSupport Manager Control To prevent unauthorised access to the NetSupport Manager Control or to functions available within the Control interface, one or more of the following features should be considered: A Control Password. Control Profiling. Hiding the Client list, Group list, Dial-up list and/or Gateway list. Making the Client list, Group list, Dial-up list and/or Gateway list Read Only. Disabling the Browse function. Disabling certain Remote Functions. Disabling certain View Modes. Exit on Disconnect. Protecting the Control User To provide a record of what the Control user did whilst connected to the remote computer an audit can be created giving details of the session: Event logging. Recording the Remote session.

Protecting the User To ensure that the user is aware of the Control users intentions and has the opportunity to stop them or close sensitive documents, one or more of the following functions may be used: Specifying the Control Name. Specifying the Control Description. Prompting to provide additional information when connecting. Providing a message on disconnect. Protecting Data To ensure that data at the users computer is protected from the Control user, either whilst being viewed on screen or whilst it is being transferred, one or both of the following options are available: Using Encryption. Blanking the Client Screen. Securing the NetSupport Manager Client Basic Security Don t install the Client Configurator unless absolutely necessary By installing the NetSupport Client Configurator you are making it more accessible to unauthorised access. NetSupport Manager Configurations can be deployed and managed using the NetSupport Deployment utility this is much easier and removes the need to install the Client configurator component onto each computer. If using a Client32.ini file to configure the Client apply file security Although the NetSupport Client configuration file has a checksum to ensure that the configuration cannot be changed easily it is possible to overwrite the client32.ini file with another, less secure one. Therefore the file should always be secured using NTFS file Security. If available use Active Directory to configure the Client NetSupport provide Active Directory ADM templates for the configuration of the Client component. These remove the requirement for a client32.ini, and allow central configuration. If available, it is recommended that Client configuration through Active Directory is used.

Technical Document NetSupport Manager Security Options The following NetSupport Client security related features have been categorised as follows: Securing the NetSupport Manager Client. Protecting the Control User. Protecting the User. Protecting the Data. Securing the NetSupport Manager Client Preventing unauthorised access and use of the NetSupport Client can be achieved using a combination of the following features: Profiling the NetSupport Client to provide different feature sets for different remote users/groups. Using a proprietary username and password to establish a remote connection. Using NT Authentication to establish a connection. Using Active Directory Authentication to establish a connection. Disabling features available to remote users. Implementing a Security key. Restricting connections to certain IP or IPX addresses/ranges. Locking the computer on disconnect. Logging the computer off on disconnect. Restarting the computer on disconnect. Protecting the Client configurator using a proprietary username and password. Protecting the Client configurator using NT authentication. Always Prompt for username and password. Protecting the Control User To provide a record of what the Control user did whilst connected to the remote computer an audit can be created providing details of the session: Event logging to a file. Event logging to the Event log. Denying the connection if no log file available. Recording the Remote session.

Protecting the User To ensure that the user is aware of the Remote users intentions and has the opportunity to stop them or close sensitive documents, one or more of the following functions may be used: User acknowledgement. Displaying message on disconnect. Displaying a message whilst connected. Displaying a message whilst being viewed. Beep whilst connected. Protecting the Data To ensure that data at the users computer is protected either from the Control user either whilst being viewed on screen or whilst it is being transferred, one or both of the following options are available: Force Controls to use encryption. Setting a minimum encryption level. Forcing the remote user to inherit the logged on users file system permissions. Applying restrictions to the local file system for the remote user. About NetSupport NetSupport s desktop management products are utilized on more than 7 million desktops throughout 50 territories. For more information and a free trial, visit http://www.netsupport-inc. com or call 1-888-665-0808. Tel: +44 (0)1778 382270 Email: sales@netsupportsoftware.com Tel: +49 (0)89 550 508-30 Email: sales@pci-software.de Tel: 770-205-4456 Email: sales@netsupport-inc.com Tel: 905-415-4708 Email: sales@netsupport-canada.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information