Remote Support
Remote Access
Monitoring and Management
Presentation
Remote Work
Standard
Business
EnterpriseWith work on our next major release of SimpleHelp wrapping up, we wanted to provide you wish an update on the security related changes in releases v5.5.8 and in the upcoming v5.6.
SimpleHelp v5.5.9
SimpleHelp v5.5.9 is the latest public release of SimpleHelp. v5.5.10 is due shortly with bug fixes but no security related changes. SimpleHelp v5.5.9 builds upon the changes we implemented in v5.5.8 to provide additional protective measures to ensure the security of your SimpleHelp deployment:
- Password Storage - the SimpleHelp server now uses larger, more variable hashes for your technician passwords. This makes it harder for a malicious user to reverse engineer a technician’s password given the server configuration.
- The server will dynamically migrate user passwords whenever the user logs into their technician account.
- You can force this to happen by resetting a user’s password.
- Web Server Restrictions - the build in web server now serves data through secondary security layer that analyses served data to ensure that no sensitive information is compromised. There is no additional configuration required to take advantage of this.
SimpleHelp v5.6
Based on the feedback on this forum we’ve implemented a number of features in v5.6 that will help you secure your server.
- Application Firewall - a new application firewall allows you to specify what IPs are able to access specific resources within the SimpleHelp server. For example, you can specify rules to only allow HTTP access from certain sites, or only allow Remote Access downloads from others. We do not intend for this to replace a network-level firewall, but it allows more granular SimpleHelp-specific controls for incoming network connections.
- Technician Authorisations - the server now supports an authorisation mechanism when technicians login from new devices. This ensures that access is not automatically granted even if a technician’s credentials are leaked. Once authentication (and MFA) are complete, the technician’s access will be blocked until access is approved.
- Approval requests are emails and notifications in an existing Technician Console.
- Approval requests are sent to server administrators and/or to the user logging in.
- Security Audit - the server has a security audit feature that you can run to receive recommended and critical suggestions on how you can improve your SimpleHelp server configuration.
- Password Controls - administrators can now specify password complexity requirements, can receive notifications of weak passwords, and can force technicians to reset their passwords.
- Improved Logging - the server event log has been separated into a runtime log and a set of feature-specific logs that help give insight into what is happening on your server:
- Access - the access log provides access and authentication items only, such as when a technician successfully logs in, or when a MFA challenge fails.
- Web - an HTTP access style log, indicating what HTTP requests are being served by SimpleHelp.
- Error - an error log detailing any severe errors in the SimpleHelp server.
- Change - an error log detailing server configuration changes.
- Activity - a log that lists all session activity on the SimpleHelp server.
Thanks for your support of SimpleHelp. If you have any queries about these changes, please let me know here or email us at support@simple-help.com.
