With work on our next major release of SimpleHelp wrapping up, we wanted to provide you with an update on the security-related changes in releases v5.5.8 and in the upcoming v5.6.
SimpleHelp v5.5.9
SimpleHelp v5.5.9 is the latest public release of SimpleHelp. v5.5.10 is due shortly with bug fixes but no security related changes. SimpleHelp v5.5.9 builds upon the changes we implemented in v5.5.8 to provide additional protective measures to ensure the security of your SimpleHelp deployment:
- Password Storage - the SimpleHelp server now uses larger, more variable hashes for your technician passwords. This makes it harder for a malicious user to reverse engineer a technician’s password given the server configuration.
  - The server will dynamically migrate user passwords whenever the user logs into their technician account.
  - You can force this to happen by resetting a user’s password.
- Web Server Restrictions - the built-in web server now serves data through a secondary security layer that analyses served data to ensure that no sensitive information is compromised. There is no additional configuration required to take advantage of this.
SimpleHelp v5.6
Based on the feedback on this forum we’ve implemented a number of features in v5.6 that will help you secure your server.
- Application Firewall - a new application firewall allows you to specify what IPs are able to access specific resources within the SimpleHelp server. For example, you can specify rules to only allow HTTP access from certain sites, or only allow Remote Access downloads from others. We do not intend for this to replace a network-level firewall, but it allows more granular SimpleHelp-specific controls for incoming network connections.
- Technician Authorisations - the server now supports an authorisation mechanism when technicians login from new devices. This ensures that access is not automatically granted even if a technician’s credentials are leaked. Once authentication (and MFA) are complete, the technician’s access will be blocked until access is approved.
  - Approval requests are emails and notifications in an existing Technician Console.
  - Approval requests are sent to server administrators and/or to the user logging in.
- Security Audit - the server has a security audit feature that you can run to receive recommended and critical suggestions on how you can improve your SimpleHelp server configuration.
- Password Controls - administrators can now specify password complexity requirements, can receive notifications of weak passwords, and can force technicians to reset their passwords.
- Improved Logging - the server event log has been separated into a runtime log and a set of feature-specific logs that help give insight into what is happening on your server:
  - Access - the access log provides access and authentication items only, such as when a technician successfully logs in, or when a MFA challenge fails.
  - Web - an HTTP access style log, indicating what HTTP requests are being served by SimpleHelp.
  - Error - an error log detailing any severe errors in the SimpleHelp server.
  - Change - an error log detailing server configuration changes.
  - Activity - a log that lists all session activity on the SimpleHelp server.
Thanks for your support of SimpleHelp. If you have any queries about these changes, please let me know here or email us at [email protected].
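The login-time password migration described in the announcement above can be sketched as follows. This is an added example, not SimpleHelp's code: the post does not name the old or new hash schemes, so unsalted SHA-256 as the legacy format, PBKDF2-HMAC-SHA256 as the stronger one, the record layout and every function name are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for the stronger scheme

def legacy_hash(password):
    # Assumed legacy format: fast, unsalted SHA-256 (hypothetical).
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()

def _pbkdf2(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def strong_hash(password):
    salt = os.urandom(16)  # per-user random salt makes equal passwords hash differently
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${_pbkdf2(password, salt, PBKDF2_ITERATIONS)}"

def verify(password, stored):
    parts = stored.split("$")
    if parts[0] == "sha256" and len(parts) == 2:
        expected, actual = parts[1], hashlib.sha256(password.encode()).hexdigest()
    elif parts[0] == "pbkdf2" and len(parts) == 4:
        expected = parts[3]
        actual = _pbkdf2(password, bytes.fromhex(parts[2]), int(parts[1]))
    else:
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(expected, actual)  # constant-time comparison

def needs_migration(stored):
    parts = stored.split("$")
    return parts[0] != "pbkdf2" or int(parts[1]) < PBKDF2_ITERATIONS

def login(accounts, user, password):
    stored = accounts.get(user)
    if stored is None or not verify(password, stored):
        return False
    if needs_migration(stored):
        # The plaintext is only available at login, so this is the one
        # moment the server can re-hash without involving the user.
        accounts[user] = strong_hash(password)
    return True

def reset_password(accounts, user, new_password):
    # A reset forces migration for accounts that never log in.
    accounts[user] = strong_hash(new_password)
```

Accounts that never log in keep their legacy record until a reset, which is why the announcement offers the forced reset path.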
Here are a few screenshots of the Audit report, Firewall and Logging.
Thank you for the updates. Since you’re still updating the 5.5 branch, is there an ETA on the 5.6 branch? If it’s not too long we’ll go ahead and 5.5.9. Thanks so much!
Thanks Trey 
We’re hoping to get a pre-release version of v5.6 out next month. There will be another bug fix v5.5 release before then (probably at the start of next week).
Sweet! Thanks for the updates and continuing to strengthen SH
Not quite yet.
Development is done but we are still performing core server stability tests at the moment. Once those pass we’ll announce a pre-release version for users to try out!
Unfortunately, my support period ended in August. I held out hope that this new version would arrive before then. It's a frustrating experience to see that eight months have passed since the announcement and we haven't received any further news.
SimpleHelp 6.0
Changes and Improvements
A large portion of the SimpleHelp server has seen alterations in this release in order to support the creation of a robust Technician Console web-based experience. As such we appreciate evaluation and feedback on all aspects of SimpleHelp. The noteworthy user-facing changes are detailed below:
- A New Look - the visual elements and layout of all applications have been updated to provide an improved experience to users.
- Upgrade Improvements - applications now provide more information about the upgrade progress when first launched after a server upgrade. Additionally, updates are more reliably fetched from the server in restrictive network environments.
- ToolBox Improvements - ToolBoxes have been reworked to make them easier to manage:
  - Tools are now presented in a tree layout supporting nested groups.
  - Tools can easily be moved between groups and renamed.
  - Tools can be marked as favourites. Favourite tools are presented as a list in the Access tab and can be run with a single click.
  - Technicians can now decide how tools are shared with other technicians, and whether they can be modified or not.
  - Server Administrators can see and modify the tools of other technicians.
  - Tools now support target architecture fields.
  - Output produced by running tools can be popped out into a separate window and easily searched or exported.
  - Executed tools can easily be rerun with a single click.
  - Tool runs now appear in the History tab and include results of the tool execution.
- Clipboard Synchronisation - in-session clipboard change detection allows the local and remote sides of a session to synchronise clipboard state. Users can now select how the clipboard should be shared depending on their requirements.
- Security Audit - a built-in security audit allows you to easily see how to improve the security of your SimpleHelp server. An audit can be run at any time and will suggest configuration changes in order to ensure you maximise the security of SimpleHelp in your environment.
- Technician Authorisation - an optional configuration setting to lock down Technician access to your SimpleHelp server:
  - The server can be configured to require manual authorisation for new Technician Console installations that are accessing the server for the first time.
  - Authorisation can be done by Administrators in the Technician Console or an email can be sent to the user logging in.
- Built-in Firewall Support - a built-in firewall that can supplement the server’s firewall to provide application-level filtering options:
  - Create and order ALLOW / DENY rules.
  - Filter access on low-level network access (TCP or UDP) or high-level application access (Technician, Support, Web, etc.).
- Logging and Auditing Improvements - a set of features makes it easier to see what is happening on your SimpleHelp server:
  - The single server log has now been split into a number of different logs for different contexts (access logs, web logs, error logs, etc.).
- TLS Additions - improved the installation and configuration of TLS certificates:
  - SimpleHelp clients on Windows now detect the operating system’s certificate store and trust any root or intermediate certificates contained within it. This allows customers to seamlessly use self-signed root certificates already deployed on their endpoints.
  - SimpleHelp now indicates which ciphers and protocols are weak or recommended, and includes a button to switch to recommended settings.
  - A warning is now sent out when a TLS certificate is about to expire.
- New Remote Access Service Approvals
  - Configure your SimpleHelp server to keep new Remote Access Service registrations in a separate group in the Access tab.
  - Technicians can review the new machines and approve them. Approved machines are moved to the Available Machines group as normal.
- Access Improvements
  - The columns of the machine table are now configurable, can be resized and reordered.
  - Machine group labels in the machine table can be clicked to easily navigate to a parent machine group.
  - Azure domain information is now collected and displayed.
- Screen Capture Changes - a number of screen capture changes improve the in-session experience:
  - Screen capture is now aware of changes on the remote machine, and processes just these changes improving performance and reducing data usage.
  - Screen capture on macOS now supports displays with arbitrary scaling factors.
- Remote Support Wizard - the Remote Support application now more clearly guides users through the steps to start a support session. The wizard includes instructions on configuring permissions on macOS.
- Password Strength - Administrators can now set a required password strength, and can require technicians to reset weak passwords in order to satisfy the requirements.
- General Administration Improvements
  - Technician Groups show a table of member technicians.
  - All IP restrictions support descriptions to better annotate different restrictions.
  - The option to allow group-authenticated users has been moved to the Authentication Services tab for a Technician Group.
  - There is no longer a distinction between group-authenticated and local account technicians.
  - Authentication services now list the technician groups that have the service enabled.
  - The Technician accounts panel has a clearer layout with account actions to the side.
- FIPS Support - a separate future build of SimpleHelp 6.0 will restrict encryption to FIPS 140-2 certified methods, offering a high level of assurance regarding the security and reliability of cryptographic operations.
Other Minor Improvements
- The default SimpleHelpAdmin user is no longer created for new installations. Instead, a user must be created on first login.
- Hardware reports are now configurable, allowing users to choose what columns to include in the report. Additionally, reports can include machine properties as well as hardware information.
- Silent reconnect is now improved and far more reliable at detecting the disconnected session and initiating a reconnect.
- Improvements to the server’s data stores ensure data integrity even in the event of server failure.
- Added a new version notification in the Technician Console to more easily notify users of a new release.
- The alert creation dialog now guides users through the process of configuring an alert.
- The chat panel in a session can now be popped out into a separate window.
- Added a default connection mode option to dictate what action should be taken when a Technician connects to a remote machine.
- If SimpleHelp is terminated on Linux by OOM killer the Administrator will be notified on next login.
- Technician accounts with no avatar images now show the user’s initials instead of a generic icon.
- The Remote Access Service no longer uses netsh to capture Wi-Fi information during monitoring, and no calls are made using WMIC.
- The Technician Console can now connect to SimpleHelp servers if the server’s TLS certificate has expired. Technicians are warned about the connection and must explicitly allow it to proceed.
- The server will now warn Technicians when it is running low on disk space.
Notable Bug Fixes
- Fixed an issue where modifying a machine property and then switching to another machine (prior to completing editing) would save the property in the new machine.
- Fixed an issue where Group Administrators that modify the group assignments for a technician account might unexpectedly remove the account from other assigned groups.
- Fixed an issue where Remote Access Services that are offline might immediately receive queued messages as soon as they register with the server again.
- Fixed an issue where OS authentication for Remote Work to a Linux machine will fail on newer distributions.
- Fixed an issue where services configured to register with the same SimpleHelp server on different addresses over UDP might not update correctly if one of the addresses is changed to point to a different SimpleHelp server.
- Fixed an issue causing mouse pointer misalignment when connecting to certain Windows machines.
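The ordered ALLOW / DENY rules in the firewall items of both posts above make rule order part of the policy. The following added example (not SimpleHelp's code or rule format) evaluates such a list and flags rules that can never fire; first-match-wins, the default-deny fallback, the `Rule` fields and the sample rules are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "ALLOW" or "DENY"
    network: str  # source network in CIDR notation
    access: str   # "Technician", "Support", "Web", or "*" for any

def evaluate(rules, source_ip, access, default="DENY"):
    """Return the action of the first matching rule (assumed semantics)."""
    ip = ipaddress.ip_address(source_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule.network)
        if ip.version == net.version and ip in net and rule.access in ("*", access):
            return rule.action
    return default  # nothing matched: fail closed

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    hidden = []
    for j, later in enumerate(rules):
        lnet = ipaddress.ip_network(later.network)
        for earlier in rules[:j]:
            enet = ipaddress.ip_network(earlier.network)
            if (enet.version == lnet.version and lnet.subnet_of(enet)
                    and earlier.access in ("*", later.access)):
                hidden.append(j)
                break
    return hidden

# Constructed sample policy using documentation address ranges.
RULES = [
    Rule("ALLOW", "203.0.113.0/24", "Technician"),   # office network
    Rule("DENY", "0.0.0.0/0", "Technician"),         # everyone else
    Rule("ALLOW", "0.0.0.0/0", "Web"),
    Rule("ALLOW", "203.0.113.7/32", "Technician"),   # already covered by rule 0
]
```

Note that `0.0.0.0/0` does not cover IPv6 sources, so an IPv6 client falls through to the default here.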
Great to see so many improvements listed there. Are there timescales on release (and does this supersede 5.6)? Is a beta download available yet for us to review?
Forgive me if I’m being dense, but I’m testing the new 6.0 and on the “Login Security” page I’m a little confused by the bottom box.
The text “Block IP addresses from being able to login to Simplehelp” followed by “Specify IP restrictions to decide which networks the web API is available on.” is confusing. If I add IPs to that box is that just impacting API? And if I’m adding them, am I blocking those IPs or setting up an allow list with those IPs? The wording of everything in that area is confusing.
Also, I’m setting up a new server for the new version, and my intent is to decouple my encryption from the license using the “Create and use a local private identity” option. I checked that box, and nothing really seems to happen. Is something happening? Is that new key being generated? I guess I was just expecting some kind of feedback about a new key being generated or something.
After doing some testing, just one more piece of feedback on the 6.0 beta is that the technician console has some issues with the notification pane if you change the logged in user (at least on the Mac), the panel appears and will not go away, and exhibited odd behavior when re-sized. Fixed by closing the console and re-opening. Any idea when the next Beta or non-beta release will be on 6.0?
Is the beta still available? The link results in a 404.
Not yet, but we’re looking at getting a second beta build together soon following the first phase’s feedback.