Security Description
© FastViewer GmbH

TABLE OF CONTENTS

General Procedure
Overview of Connection Setup
General Security Features
Security Features (Modules)
Certificates Used (Codes)
Certificates Used (SSL)
External Certificates
Data Protection

GENERAL PROCEDURE

Encryption method and data security

The master module first obtains a list of the actively available FastViewer communication servers from multiple redundant web servers over HTTP. The master module looks for the fastest communication server, which is used for the subsequent session. This guarantees 100% reliability. The FastViewer Customer Portal can be used to configure whether communication should occur via servers distributed worldwide, across Europe, or exclusively in Germany.

The master module then connects to the selected FastViewer communication server. It does this via port 5000 (TCP), port 443 (HTTPS) or port 80 (HTTP), or via an existing proxy server, if present. The 6-digit session ID is obtained via this connection. This session ID is usually transmitted to the session partner over the telephone or by e-mail.

The session partner then enters the obtained session ID into the client module. The client module also obtains the list of actively available FastViewer communication servers. The client module connects to the FastViewer communication server via port 5000 (TCP), port 443 (HTTPS) or port 80 (HTTP), or via an existing proxy server, if present.

The master module and the client module then negotiate a 256-bit AES key (using the Rijndael algorithm). To ensure that data cannot be read at either the FastViewer communication server or at any other point in the connection, the rest of the communication takes place only via the 256-bit AES-encrypted connection. The FastViewer communication server is NOT able to decrypt the data because it is never in possession of the 256-bit AES key (see also the TÜV certificate)!
The screen transfer then occurs in the desired direction. The session partner can stop the remote control at any time by pressing the "F11 key" on his or her keyboard.

Security features of FastViewer Secure Advisor

With FastViewer Secure Advisor, a particularly intensive level of protection is required. This is ensured by triple security mechanisms:

1. Since the installed remote client requires only an outbound connection, remote access from the outside is not visible. Consequently, no hacker attacks are possible because no incoming port is open.
2. FastViewer works like a debit card with a PIN. Login requires possession of the appropriate FastViewer EXE file for the client and knowledge of the right login credentials.
3. Additional protection to guarantee security is provided through the Windows login.

Extended protection mechanism through SMS authentication

In addition to the previously mentioned security features, an SMS authentication function is available. To access the overview of remote devices, it is necessary to enter a login code, which is sent to the respective registered phone number. This ensures that remote maintenance sessions on remote clients can be carried out only by authorized personnel.

Independence through own server solution

Another possibility is to use your own server solution. This solution can be used completely independently of our IT infrastructure. All sessions are handled through your own server independently of the FastViewer communication servers. This variant uses the same security standards as described above. Multiple redundant systems can guarantee reliability.

Rijndael algorithm

In the year 2000, the National Institute of Standards and Technology established the Rijndael algorithm as the official standard, known as the Advanced Encryption Standard (AES). Fifteen potential candidates were involved in the three-year selection process.
During the competition, the encryption formulas of the individual candidates were made public so that they could be tested (attacked) publicly by the competitors. From among the finalists, the Rijndael algorithm was selected as providing the "best combination of security, performance and effectiveness." (Source: www.nist.gov)

OVERVIEW: SETTING UP A CONNECTION

Redundancy

The master module looks for the fastest available communication server, which is then used for the subsequent session. If you are using your own server solution, a list of the available communication servers is stored in both the master module and the client module. If you are using multiple servers of your own, or if the FastViewer server is being used, the master module checks which server can respond the fastest to the request. This server provides the session ID and acts as the communication server for the session. This approach ensures a uniform load on the servers. The load is distributed automatically.

[Figure: server response times of 300 ms, 250 ms and 1000 ms; closed corporate network etc.]

Strict separation of servers

If customers use their own server solution, the connection is set up only to the defined servers. If different versions are used, the FastViewer update server is accessed, unless the customers provide the versions themselves. This access can be securely prevented on request. In short, it is possible to ensure exclusive and secure communications within a defined corporate network.

GENERAL SECURITY FEATURES

CRC check

A checksum is built into the program code when compiling the EXE files. If this checksum is modified or hacked using a tool, the program can no longer be started due to a checksum error. This effectively prevents unwanted changes to the program code and ensures the functionality of all the defined security features.

Video recording
A video recording, which starts automatically on request, can be activated for verification purposes at both the customer and supporter ends. The video file is linked to the player in a separate, unmodifiable format and is output as an independent EXE file. This prevents subsequent manipulation.

Log files

After a session, a comprehensive log is made available, which allows conclusions to be drawn about the duration (start and end), host names and IP addresses involved. This log can be exported for evaluation purposes. Access is enabled via either the FastViewer-specific customer portal or the log viewer (if you are using your own server solution).

Installation-free

FastViewer is an application that does not have to be installed by either the supporter or the customer (except for Secure Advisor Remote Client, which is installed as a service). After a remote maintenance session, the program modules exit cleanly without any residual effects. This means that no intervention in the customer system and no subsequent access to the remote system is possible.

SECURITY FEATURES (MODULES)

Video recording

The master and client modules independently enable the active session to be recorded. The video is saved in a separate format and permanently linked to our own player. At the remote end, it is always apparent when a video recording takes place.

Pause function

The presenter can pause the active session at any time. This freezes image transmission.

User Management

The user management can protect the master module against unauthorized access.

Logging

Information on the session being conducted is stored in an online log during a session. This information includes the FastViewer user name, session ID, number of participants, FastViewer version number, Windows login name, host names, IP addresses, free-text items and time stamp. The logs can be evaluated and exported via the customer portal or by using a separate tool if you are using your own server solution.

Active Directory

Exported user keys can also be read from an existing Active Directory. These keys protect the module from being executed outside the domain.

Protection functions

The user always retains control over the remote maintenance activities. The control rights can be withdrawn from the supporter by pressing the F11 key. The user has the option of canceling file access or the entire session at any time.

Black list / White list

A black list or white list can be configured in the customer portal to make applications selectively available or to block access. This setting cannot be changed during the active session.

Application filter

Before the remote desktop is transmitted, the presenter has the opportunity to select the specific applications to be transmitted. You can also follow the same procedure for the desktop and task bar or newly launched applications. You can, of course, also share the entire desktop.

Features

All features can be configured via the customer portal. This makes it possible to customize the interaction between all security features. For example, file transfer and file storage can be prevented. Client control can also be prevented.

Ending a session

The customer is able to end the session at any time. This is done by clicking on the Close button in the FastViewer sidebar. In addition, the customer has the option to stop the remote control by pressing the "F11 key" on his or her keyboard. The customer can thus actively prevent changes to his or her system and terminate access.

File transfer

If the remote system is accessed by file transfer during an active session, multiple security barriers go into effect. The supported customer must approve the file transfer.
If the approval is not granted, the file system cannot be accessed. A shared file transfer or file system access can, of course, also be canceled at any time.

Secure Advisor (Remote Access)

Especially intensive protection mechanisms, which are carried out in addition to the activities described above, are needed for the remote access (installed service) of FastViewer Secure Advisor.

Outgoing connection

The remote client is invisible to outside attacks due to its exclusively outgoing connection.

As secure as a debit card

FastViewer works like a debit card with a PIN. Login requires possession of the appropriate FastViewer EXE file for the client and knowledge of the right login data.

Windows protection

Additional protection is provided by the upstream Windows application of the client (subject to the respective Windows security settings).

Access restriction

Access is enabled only through the input of a user name and the associated password.

Service settings

The user must activate the service to grant access (configurable).

Timeout

A timeout can be set. The customer decides whether or not access is granted after this timeout.

CERTIFICATES USED (CODE)

Thawte code signing

A thawte code-signing certificate is strongly recommended for all publishers who distribute code or content over the Internet or corporate extranets and who must ensure the integrity and authorship of that code.

Features and benefits

Signing of active content such as ActiveX, macros, MIDlet (J2ME) and Java Applets for secure electronic distribution via the Internet. This authenticated digital signature is used to efficiently verify your software source before it is downloaded: This ensures that your active content or code cannot be maliciously modified, grants your users access to the responsible publisher and offers the advantage of the secure thawte certification procedure on a global level.

Online certificate status

A major software vendor has released a beta version of its browser, which automatically checks the certificate status. This new testing protocol will accelerate thawte certificate validation, while reducing the misuse of invalid certificates and displaying the company data immediately to the end user. thawte has invested in its infrastructure and now offers a new "online certificate status protocol (OCSP)" instead of the old "certificate revocation lists (CRL)". Not all CAs can offer and support this service. For more information, visit www.thwate.de.

CERTIFICATES USED (SSL)

Server certificate requests

By default, FastViewer communication occurs over TCP 5000 or over HTTPS 443 or HTTP 80 as alternatives. Customers who use their own server solution of FastViewer can decide which ports to use for the communication. Operating FastViewer exclusively over HTTPS provides enhanced security, since this makes it possible to verify the "authenticity" of the tunnel server(s) by the standard SSL encryption method. The communication server requires an IP address and an SSL certificate to operate using HTTPS. Viewers can check which protocol is connecting them to the tunnel server in the FastViewer connection.

It is possible to allow only valid HTTPS connections on a proxy server or firewall, which means that a connection will only be established if valid SSL certificates are recorded on the tunnel server. The SSL certificate can be easily checked by calling it from Internet Explorer.
e.g.: https://tunnel6.FastViewer.com -> Right mouse button: Properties -> Certificates

Authentication

Authentication is used so that each party can verify the identity of the other party to the connection - a problem that is becoming more and more significant due to phishing attacks.

HTTPS

HTTPS is used for encrypting and authenticating communication between web servers and browsers on the World Wide Web.

Syntax

HTTPS is syntactically identical to the scheme for HTTP; the additional encryption of data is done via SSL/TLS: a protected identification and authentication of the communicating parties is initially performed using the SSL handshake protocol. A shared symmetrical session key is then exchanged using asymmetrical encryption or the Diffie-Hellman key exchange. This method is ultimately used to encrypt the user data.

EXTERNAL CERTIFICATES

TÜV Süd

We require our communication solution to meet the strictest data security standards. We subjected our software to one of the toughest tests so that the people you deal with will have complete confidence in you and the solution you have deployed. FastViewer is the world's first desktop sharing solution that has received the TÜV SÜD certificate for data security and functionality.

BISG

The German Federal Association of IT Experts and Consultants (BISG) has awarded FastViewer its prestigious seal of quality and describes the product's performance as "very good." In particular, the testers praised the product's lean architecture, installation-free use, outstanding handling and excellent stability. The testers also praised the fact that the user interface is transparently designed for users and thus avoids a steep learning curve. All in all, it is rated as an excellent product. FastViewer offers all options for connection types as well, including, for example, an HTTP client for tunnel connections (even behind firewalls), secure direct connections (encrypted) and direct connections.
Since FastViewer never acts as a server, it also meets modern security guidelines without sacrificing balanced performance. The German Federal Association made the following concluding comments: "In summary, FastViewer is a product that is impressive in its flexibility and user-friendliness".

FastViewer Instant Meeting (formerly Confered) and Secure Advisor (formerly Supported) were meticulously tested for functionality and data security according to the guidelines: ISO/IEC 25051:2014 (functionality), PPP 13011:2008 (data security & safety)

DATA PROTECTION

BDSG excerpt

The following is an overview of the data protection aspects relevant to FastViewer, as regulated in Section 9, Technical and Organizational Measures, of the BDSG (German Federal Data Protection Act).

1. Access control

Unauthorized persons must be prevented from accessing data processing systems with which personal data is processed or used.

The server room of FastViewer can only be accessed by persons authorized to enter the server room. The lock on the steel door to this room prevents unauthorized access by external or third parties.

2. Access control

Steps must be taken to prevent unauthorized third parties from using data processing systems.

Access to the premises of the data processing equipment is protected, and all equipment and IT systems are provided with constantly changing passwords. These passwords are changed on a monthly basis. If a user does not change the password, the system will force him or her to do so.

3. Access control

Steps must be taken to ensure that persons authorized to use a data processing system have access only to the data they are authorized to access, and that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording.

Personal data can be edited only by administrators using their access authorization. Employees cannot edit or copy personal data stored in the system or manipulate this data in any other unauthorized manner. Employees are divided into groups that have different access authorizations for the data records. This is guaranteed by a Windows server structure in conjunction with the "Active Directory."

4. Disclosure control

Steps must be taken to ensure that personal data cannot be read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media, and that it is possible to determine and check to which entities personal data is to be transferred using data transmission facilities.

Personal data from the IT system is protected against unauthorized copying to data media. In the case of FastViewer, data is generally not copied to data media and used outside the company. If an employee works in the field over a VPN connection, access is protected by a firewall and corresponding antivirus, spyware removal and anti-hacker software. Protection is provided from both the server and the user computers by installing corresponding software.

Antivirus software: Sophos Endpoint Security and Control
Hardware firewall: Sophos UTM9 (Internet gateway with incoming and outgoing virus scans as well as spyware checks).

6. Input control

Steps must be taken to ensure that it is possible after the fact to check and ascertain whether personal data has been entered into, altered or removed from data processing systems and if so, by whom.

Every modification, deletion or processing of data and data records is stored in the FastViewer IT system (Selectline inventory management system). It is possible to track which user has made what change and when, etc., at any time. This report is visible only to administrators and is analyzed and monitored on a weekly basis.

6. Job control

Steps must be taken to ensure that personal data processed on behalf of others is processed strictly in compliance with the controller's instructions.

Only administrators have the authorization to edit personal data. These administrators can edit the relevant data in accordance with the written instructions of the client.

7. Availability control

Steps must be taken to ensure that personal data is protected against accidental destruction or loss.

The servers are backed up fully on a daily basis. All servers have mirrored hard drives in RAID systems and are equipped with redundant components. The equipment used can be remotely serviced and administered at any time via the FastViewer software solution. The communication servers used for this purpose are located in highly secure data centers. For the connections themselves, one of the highest quality encryption methods is used to ensure an appropriate security standard (256-bit AES).

8. Separation control

Steps must be taken to ensure that data collected for different purposes can be processed separately.

Our system guarantees that data collected for different purposes can also be processed separately. This data is stored in the inventory management system (Selectline).

All critical systems are subject to permanent monitoring through the monitoring software of the manufacturer Paessler. If critical values regarding the availability or performance of the networks or used devices are reached, the supervising administrators are notified immediately by email/SMS. The targeted monitoring of system components and processes helps prevent system bottlenecks, congestion and failures. Due to the comprehensive functionality of the monitoring systems by Paessler, it is possible to monitor and document the overall status of the network as well as the individual devices 24 hours a day. The monitoring report is regularly evaluated by an authorized administrator.
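Added example (not FastViewer code) for the certificate check described under CERTIFICATES USED (SSL): instead of opening the tunnel server in a browser, the script below performs the TLS handshake with chain and host name validation and then reviews the validity period and the names in the certificate. The function names, the 30-day warning threshold and the constructed sample certificate are assumptions of this example.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Constructed sample in the shape returned by SSLSocket.getpeercert();
# it is not the certificate of any real server.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example.test"),),),
    "issuer": ((("organizationName", "Constructed Test CA"),),),
    "notBefore": "Jan 01 00:00:00 2025 GMT",
    "notAfter": "Jun 30 23:59:59 2025 GMT",
    "subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test")),
}

def fetch_peer_cert(host, port=443, timeout=5.0):
    """TLS handshake with chain and host name validation; returns the cert dict.
    Raises ssl.SSLCertVerificationError when validation fails."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname on
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def _attr(name, key):
    """Return one attribute (e.g. commonName) from getpeercert() name tuples."""
    return next((v for rdn in name for k, v in rdn if k == key), None)

def san_covers(pattern, host):
    """Exact match, or a '*.' wildcard standing for exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def _utc(cert_time):
    """Convert a getpeercert() time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def review_cert(cert, host, now=None, warn_days=30):
    """Summarise a validated certificate and list findings worth a second look."""
    now = now or datetime.now(timezone.utc)
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    days_left = (_utc(cert["notAfter"]) - now).days
    findings = []
    if now < _utc(cert["notBefore"]):
        findings.append("not yet valid")
    if days_left < 0:
        findings.append("expired")
    elif days_left < warn_days:
        findings.append(f"expires in {days_left} days")
    if not any(san_covers(s, host) for s in sans):
        findings.append("host name not covered by subjectAltName")
    return {
        "subject": _attr(cert.get("subject", ()), "commonName"),
        "issuer": _attr(cert.get("issuer", ()), "organizationName"),
        "dns_names": sans,
        "days_left": days_left,
        "findings": findings,
    }

if __name__ == "__main__":
    # With a host argument the live certificate is fetched and reviewed;
    # without one the constructed sample is reviewed offline.
    if len(sys.argv) > 1:
        print(review_cert(fetch_peer_cert(sys.argv[1]), sys.argv[1]))
    else:
        print(review_cert(SAMPLE_CERT, "tunnel.example.test"))
```

A failed handshake in `fetch_peer_cert` is the same condition under which an HTTPS-only proxy or firewall rule would refuse the connection.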