ConnectWise ScreenConnect Support Security
Your customers are relying on you to keep their environments secure, so we've equipped you with a layered approach to security, designed for teams of all sizes. ConnectWise ScreenConnect Support provides you with the tools that provide world-class threat protection including role-based permissions, 256-bit AES encryption, and multiple authentication methods, along with premium reporting capabilities.
Control who has access at every level
Maintain full control over which technicians have remote access, and to which networks. This also ensures that you are meeting your customers’ security and compliance requirements as they relate to restricted access.
Session activity logging
Audit logs provide full accountability of your services while helping track down security breaches and data misuse for your customers. Review hosts and guests, timestamps, and session activity including executed scripts, commands, tools, and files transferred.
Video session logging
Enforce transparency through video session recordings of every remote engagement. Video logs can be stored on a specified network drive, private, or public cloud location.
Make your clients comfortable
Ease customer qualms about allowing remote access to their networks and servers.
Enable permission-based security so end-users can allow or deny remote access to their system. It’s a control designed to make customers feel more comfortable and in control, but it’s also intended to let your technicians know that they have the green light.
Let technicians send end users requests for consent to remotely connect and control their systems. This action doesn’t interrupt the end user while they’re working and lets them decide whether they wish to hand over control.
Communication is the key to a successful technician/end-user relationship. Add an extra layer of transparency by allowing the end user to see the tech’s actions during a session via VOIP and chat, and later review via video recordings.
Remove the support client from the remote computer after the completion of every session. This feature effectively eliminates the possibility of leaving the client device vulnerable to cyberthreats and should curb any reservations users or their organizations may have.
Ensure in-house security
Protect all information passing between host and guest systems while in session. This includes data, file transfers, keystrokes, and chats—using encryption similar to that used by many banking and government institutions.
Choice of licensing models, including self-hosting for TSPs or for customers that either: 1) need to meet state or federal regulatory compliance requirements, or 2) cannot, or choose not to host their applications in the cloud.
Protect data transmitted between the user's browser and the server through a proprietary protocol and our AES-256 encryption algorithm. In addition, all cloud instances are automatically encrypted with SSL certificates.
Store audit logs and optional session video recordings if ever needed for auditing or security vulnerability tracking purposes. The server's SQLite database stores all logged data, which authorized users can query for analysis and reporting.
User authentication and security
More than ever, hackers are trying, and becoming far more effective at breaking into unsuspecting user accounts. Commercial-grade features and methods to validate real users help you combat these never-ending cyberattacks.
Windows and forms authentication
Securely authenticate using existing Windows® and Forms credentials. While Windows authentication uses local Windows usernames and passwords to authenticate users, Forms authentication relies on user IDs and passwords stored in a secured database.
Enforce multi-factor authentication—an electronic authentication method that gives users access to a website or application only after successfully presenting two or more pieces of evidence. This method adds yet another layer of defense to thwart cybercriminals.
Brute force attack
While brute force attacks are premised on the old-school “trial-and-error” method of guessing access credentials, they are still relatively effective. Lock out users after a predetermined number of failed login attempts, foiling potential hackers from access to your data.
Session timeouts if a user's actions remain idle on the host or admin page for a specified amount of time. The resulting timeout will automatically log out the user—keeping potential hackers from entering the open connection.
LDAP and Active Directory
There's no need to manage users in multiple systems. Use external sources including: MS Active Directory, OpenLDAP or OpenDJ to securely and confidently authenticate users.
IP login restrictions
Administrators can invoke IP login restrictions to specify which IPs have access to sign in. Addresses can be associated with named users or associated with an organization’s range of IP addresses. It’s an optional, added layer of protection for granular control.