256-bit SSL encryption to protect data: Symantec remote desktop access security assessment Free Trial | Support Virtualization Blog | Webcasts
Bomgar: Revolutionizing Remote Support Remote Desktop Access Help Desk Support Solutions Customers Help Desk News About Bomgar Contact Bomgar

Symantec Security Assessment: SupportDesk™ 9 Product Penetration

PDF Version (84KB)   Email This Item


NetworkStreaming Security Architecture

3. Communications Encryption

The architecture of the NetworkStreaming application environment relies on the SupportDesk™ appliance application as a centralized routing point for all communications between application components. All SupportDesk™ sessions between representatives and remote customers occur through the server components that run on the SupportDesk™ appliance. Data transmitted during these sessions includes customer screen data back to the representative and, in some cases, commands from the representative that result in remote control of the customer's workstation.

To protect the integrity of the customer's screen data and prevent unauthorized eavesdropping and/or modification of application data in transit, NetworkStreaming uses 256 bit SSL to encrypt all application communications in transit. The default installation of an application server contains a pre-generated SSL server certificate to support data encryption upon initial use. However, administrators of a NetworkStreaming application may also create and deploy their own certificates. It is strongly recommended that customers generate and install a verifiable certificate in order to establish a valid trust relationship with clients. The security of the system, from the client perspective, is predicated on the integrity of the downloaded and installed Customer Client binary. For a client to assign appropriate trust to the binary, it has to be downloaded from a trusted source. A verifiable certificate, signed by a trusted authority, authenticates the server to the client and allows the client to make that reasonable trust assignment.

In addition to encrypting data in transit, the 256 bit SSL architecture also protects application users against the threat of a man-in-the-middle attack or the deployment of a rogue application server. In a normal configuration, application clients validate the certificate presented by the server during SSL negotiation. Symantec observed that the presence of an invalid or untrusted certificate on the server will cause the Customer Client to terminate the connection and report an error to the user.

The Appliance ships with SSL version 2 disabled by default and provides an administrative interface to optionally enable it. The SSLv2 protocol contains design flaws and is generally considered insecure. Modern browsers support SSLv3 and TLSv1 and will not be adversely affected by the absence of SSLv2.

<< Previous | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Next >>

 

The Adobe® logo is a registered trademark of Adobe Systems Incorporated in the United States and/or other countries.
© 2003-2008 Bomgar Corporation | All Rights Reserved Remote Desktop Access Products | Remote Support Solutions | Unattended Remote Access | Webcasts
Formerly NetworkStreaming Inc. | PrivacyRemote PC Access | Mac Remote Access | Linux Remote Access | Remote Control for Windows Mobile