ConnectWise ScreenConnect Support Security
Your customers are relying on you to keep their environments secure, so we've equipped you with a layered approach to security, designed for teams of all sizes. ConnectWise ScreenConnect Support provides you with the tools that provide world-class threat protection including role-based permissions, 256-bit AES encryption, and multiple authentication methods, along with premium reporting capabilities.
Control who has access at every level
Maintain full control over which technicians have remote access, and to which networks. This also ensures that you are meeting your customers’ security and compliance requirements as they relate to restricted access.
Role-based security
Unrestricted access invites threats. With role-based security, administrators can determine user permissions and control who has access to what features, functions, and groups of machines—down to the most granular details.
Session activity logging
Audit logs provide full accountability of your services while helping track down security breaches and data misuse for your customers. Review hosts and guests, timestamps, and session activity including executed scripts, commands, tools, and files transferred.
Video session logging
Enforce transparency through video session recordings of every remote engagement. Video logs can be stored on a specified network drive, private, or public cloud location.
Make your clients comfortable
Ease customer qualms about allowing remote access to their networks and servers.
Permission-based security
Enable permission-based security so end-users can allow or deny remote access to their system. It’s a control designed to make customers feel more comfortable and in control, but it’s also intended to let your technicians know that they have the green light.
Consent requests
Let technicians send end users requests for consent to remotely connect and control their systems. This action doesn’t interrupt the end user while they’re working and lets them decide whether they wish to hand over control.
Open communication
Communication is the key to a successful technician/end-user relationship. Add an extra layer of transparency by allowing the end user to see the tech’s actions during a session via VOIP and chat, and later review via video recordings.
No footprint
Remove the support client from the remote computer after the completion of every session. This feature effectively eliminates the possibility of leaving the client device vulnerable to cyberthreats and should curb any reservations users or their organizations may have.
Ensure in-house security
Protect all information passing between host and guest systems while in session. This includes data, file transfers, keystrokes, and chats—using encryption similar to that used by many banking and government institutions.
Self-hosting
Choice of licensing models, including self-hosting for TSPs or for customers that either: 1) need to meet state or federal regulatory compliance requirements, or 2) cannot, or choose not to host their applications in the cloud.
AES-256 encryption
Protect data transmitted between the user's browser and the server through a proprietary protocol and our AES-256 encryption algorithm. In addition, all cloud instances are automatically encrypted with SSL certificates.
Server-level auditing
Store audit logs and optional session video recordings if ever needed for auditing or security vulnerability tracking purposes. The server's SQLite database stores all logged data, which authorized users can query for analysis and reporting.
User authentication and security
More than ever, hackers are trying, and becoming far more effective at breaking into unsuspecting user accounts. Commercial-grade features and methods to validate real users help you combat these never-ending cyberattacks.
Windows and forms authentication
Securely authenticate using existing Windows® and Forms credentials. While Windows authentication uses local Windows usernames and passwords to authenticate users, Forms authentication relies on user IDs and passwords stored in a secured database.
Two-factor authentication
Enforce multi-factor authentication—an electronic authentication method that gives users access to a website or application only after successfully presenting two or more pieces of evidence. This method adds yet another layer of defense to thwart cybercriminals.
Brute force attack
While brute force attacks are premised on the old-school “trial-and-error” method of guessing access credentials, they are still relatively effective. Lock out users after a predetermined number of failed login attempts, foiling potential hackers from access to your data.
Session timeout
Session timeouts if a user's actions remain idle on the host or admin page for a specified amount of time. The resulting timeout will automatically log out the user—keeping potential hackers from entering the open connection.
LDAP and Active Directory
There's no need to manage users in multiple systems. Use external sources including: MS Active Directory, OpenLDAP or OpenDJ to securely and confidently authenticate users.
IP login restrictions
Administrators can invoke IP login restrictions to specify which IPs have access to sign in. Addresses can be associated with named users or associated with an organization’s range of IP addresses. It’s an optional, added layer of protection for granular control.