New User / Security Concerns

Troubleshooting

New User / Security Concerns

Postby Greg_Salyer_13 » 02 Dec 2016, 13:50

I just bought 12 licenses to replace rAdmin. I have ran into a couple of security concerns. We use the client/viewer on computers with multiple users. Some are allowed to use the remote software and some are not allowed. This was not an issue with rAdmin as it did not allow the saving of passwords nor did it stay logged on when you closed a remote connection.

1. Is there a way to prevent a client/viewer from being able to save passwords? It seems this should be a great server side setting. Option that would not allow any viewer to save the password.

2. Is there a way to force total logoff any time the connection is closed? Right now a user must manually logoff every connection otherwise another user can simply open the connection without any password and gain unauthorized access to the server. At the very least I would like to see all active sessions logged off when the viewer application is closed ( X clicked ). Most users assume this is the same as "Exit".

3. I would also like to see a server option to logoff inactive users after a specified time of inactivity. I have users that forget to logoff.

Thanks!
Greg_Salyer_13
 
Posts: 3
Joined: 02 Dec 2016, 13:21

Re: New User / Security Concerns

Postby admin » 03 Dec 2016, 15:47

Hi!
LiteManager behavior is very similar to rAdmin

with rAdmin as it did not allow the saving of passwords nor did it stay logged on when you closed a remote connection.

It is very simple, just do not save Password on viewer side.
Close Viewer use main men Connection - Exit, to prevent unauthorized access to remote servers

1. Is there a way to prevent a client/viewer from being able to save passwords? It seems this should be a great server side setting. Option that would not allow any viewer to save the password.

Just do not use save password option on viewer side.
save_pass.png
save_pass.png (17.28 KiB) Viewed 11799 times


2. Is there a way to force total logoff any time the connection is closed? Right now a user must manually logoff every connection otherwise another user can simply open the connection without any password and gain unauthorized access to the server. At the very least I would like to see all active sessions logged off when the viewer application is closed ( X clicked ). Most users assume this is the same as "Exit".

Yes, no problem, just disable option minimize to tray icon. After this Viewer will close when "X" clicked.
Disable_viewer_tray.png
Disable_viewer_tray.png (32.8 KiB) Viewed 11799 times


or Exit from Viewer trough main menu - Exit
Viewer_exit.png
Viewer_exit.png (12.49 KiB) Viewed 11799 times


3. I would also like to see a server option to logoff inactive users after a specified time of inactivity. I have users that forget to logoff.

Inactive users (if viewer is closed) logoff automatically after 5-10 min.
If need logoff all users from server, on remote side, use tray icon popup menu - Information about connection and Close all connection "X" button
server_logoff_1.png
server_logoff_1.png (43.56 KiB) Viewed 11799 times


Please don't hesitate to contact me if you have any questions.
Best Regards LiteManagerTeam
admin
Администратор
 
Posts: 496
Joined: 07 Jun 2010, 13:19

Re: New User / Security Concerns

Postby Greg_Salyer_13 » 06 Dec 2016, 15:11

Unfortunately all the suggestions you have provided require some sort of user intervention.

>> It is very simple, just do not save Password on viewer side. <<
There is no way to stop a user from saving the password. The server should be able to tell the viewer "Don't allow any password save" In my opinion you should not ever allow a remote control program to save a password to a server. What happens if the viewer is installed on a laptop that gets stolen? The thief now has access to all the servers with saved passwords!


<< Yes, no problem, just disable option minimize to tray icon. After this Viewer will close when "X" clicked. <<
This is a partial solution but again requires the end user to turn this option on.


<< If need logoff all users from server, on remote side, use tray icon popup menu - Information about connection and Close all connection "X" button <<
This is not even a partial solution. The servers are often unmanned and even if someone is there, they are unaware of the remote control software and need to stay that way. This is a retail environment with multiple sales clerks running workstations. They cannot be trained to mess with remote control software. This would open up even more security concerns.

Please....

1. Either remove the viewers save password option completely OR give the server the ability to control if it can be used.

2. Viewer staying logged on when minimized. I cannot see any reason to even have this ability. Seems it would just waste network resources for no reason. However perhaps someone else likes this, so a server side option that states "Closing a viewer connected to this server will force the logoff of that viewer" would solve my concerns.

3. Add a server option to logoff any user after a specified time of inactivity. Users get distracted or busy and simply forget to logoff,

As I see it with remote control software these types of security concerns MUST be under control of the server as anyone can install the viewer software.
Greg_Salyer_13
 
Posts: 3
Joined: 02 Dec 2016, 13:21

Re: New User / Security Concerns

Postby admin » 07 Dec 2016, 08:11

1. Either remove the viewers save password option completely OR give the server the ability to control if it can be used.

Unfortunately, we can't remove Save password option from our software, or restrict it from server side, it is just the option don't use it.
I can recommend for you use NT security settings. litemanager is not save password for NT security
http://www.litemanager.com/support/Know ... _security/

2. Viewer staying logged on when minimized. I cannot see any reason to even have this ability. Seems it would just waste network resources for no reason. However perhaps someone else likes this, so a server side option that states "Closing a viewer connected to this server will force the logoff of that viewer" would solve my concerns.

Possible to disable minimization to tray, or exit from Viewer by main menu Connection - exit.
You can Logoff connection manual, use connection menu - Logoff.

3. Add a server option to logoff any user after a specified time of inactivity. Users get distracted or busy and simply forget to logoff,

Server logoff connection after 5-10 min of inactivity.

As I see it with remote control software these types of security concerns MUST be under control of the server as anyone can install the viewer software.

Yes, in the server security you can find a lot of options, IP filter, WinNT security, user notification and asking user permissions
Best Regards LiteManagerTeam
admin
Администратор
 
Posts: 496
Joined: 07 Jun 2010, 13:19


Return to LiteManager: Support

Who is online

Users browsing this forum: No registered users and 1 guest

cron