Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > DameWare Remote Support & Mini Remote Control > DameWare Documentation > Dameware Remote Support and Mini Remote Control Documentation - Previous Versions > DameWare Mini Remote Control User Guide > Additional information and instructions > Security and encryption overview

Security and encryption overview

Created by Anthony.Rinaldi_ret, last modified by Anthony.Rinaldi_ret on Jul 11, 2016

Views: 83 Votes: 0 Revisions: 2

The DameWare Mini Remote Control program has a multitude of security and encryption features to help users comply with security guidelines.

Authentication

Mini Remote Control supports the ability to use four different Authentication methods, three of which are integrated within the operating system's security. This allows users to define security policies within the operating system that effectively allow or prevent users from establishing an unauthorized Mini Remote Control connection to a remote system. Mini Remote Control always authenticates locally to remote systems and does not increase or decrease the connected user's permissions in the operating system.

For example, if a Mini Remote Control user has Administrator rights on the remote system when connecting to the system locally, the user will have Administrator rights when connecting remotely with Mini Remote Control. Mini Remote Control does not log users into the operating system of remote systems. Rather, it establishes a remote connection to the remote system's desktop. If no user is currently logged into the remote system, the Mini Remote Control user must log into the operating system just as if connecting interactively.

For additional information about the four authentication methods, see Authentication requirements and types.

Restricting Connections

Mini Remote Control includes a number of features within the Mini Remote Control client agent service that can restrict Mini Remote Control connections. If a user wants to modify these settings, that user must have Administrator rights on the remote system.

In general, the Mini Remote Control client agent service offers the following restriction options:

  • Enable or disable specific authentication methods.

  • Specify and require an additional password, or shared secret, for Mini Remote Control connections.

  • Limit connections to users with administrative permissions.

  • Allow or deny connections based on IPv4 filtering.

  • Restrict connections to users within specific Windows security groups.

For additional information about these settings, see MRC Client Agent Service settings.

Logging

The Mini Remote Control program provides three different logging features.

DWMRCS app event logs

Each time a Mini Remote Control user connects to a remote system, Mini Remote Control writes DWMRCS entries to the Application Event Log on the remote system for the following events:

  • attempts to connect

  • disconnects

These DWMRCS Application Event Log entries contain connection information, along with specific information about the system the Mini Remote Control user connected from and the username used to establish the Mini Remote Control connection. For security reasons, this functionality cannot be disabled within the Mini Remote Control program.

Centralized logging

The Centralized Logging feature allows Administrators to send duplicate copies of the previously mentioned DWMRCS Application Event Log entries to a separate, independent centralized logging server. For this to work, both the logging server and all remote systems must be running the Mini Remote Control client agent service. For additional information, see MRC Client Agent Service settings.

Email notification

The Email Notification feature sends an email to a specified email address every time Mini Remote Control establishes a connection to that system. For additional information, see MRC Client Agent Service settings.

Encryption

Mini Remote Control encrypts all credentials and other session negotiation information for its connections. Mini Remote Control uses Microsoft???s built-in Cryptographic Service Providers & CryptoAPIs to support strong encryption for authentication and session negotiation (key exchange). Mini Remote Control always uses multiple encryption algorithms (ciphers), and always tries to negotiate the strongest keys possible based on what the local and remote systems' Crypto Subsystem can agree upon.

Mini Remote Control provides additional encryption options for general data, images, and Simple File Transfers. For additional information about these settings, see MRC Client Agent Service settings.

FIPS Mode

Mini Remote Control also includes RSA's BSAFE Crypto-C ME encryption modules, which are FIPS 140-2 level certified by NIST. Federal Information Processing Standard 140-1 (FIPS 140-1) and its successor, FIPS 140-2, are US Government standards that provide a benchmark for implementing cryptographic software. Mini Remote Control meets all Level 1 requirements for FIPS 140-2 compliance when operated in FIPS Mode. When you configure these options, Mini Remote Control uses the BSAFE Crypto-C ME FIPS 140-2 validated cryptographic library exclusively, which only allows FIPS-approved algorithms.

For additional information, see:

"RSA Security Encryption Software Receives FIPS 140-2 Validation,"
http://www.rsa.com/

"FIPS 140-2 Validation Certificate,"
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt1058.pdf

Enable FIPS mode at each remote Mini Remote Control host. For additional information, see MRC Host properties.

When Mini Remote Control is not running in FIPS Mode, Mini Remote Control uses Microsoft's cryptographic services providers (CSPs) and CryptoAPIs exclusively. The Encryption Algorithms used can be anywhere from a minimum of RC4 (primarily used for older operating systems, such as NT4) to a maximum of AES 256. The following examples illustrate this range:

  • AES 256 (Key length: 256 bits)

  • 3DES/Triple DES (Key length: 192 bits)

  • RC4 (Key length: 128 bits)

Forcing encryption

In addition to the encryption options in the Mini Remote Control Application, you can also set the encryption restrictions on the Mini Remote Control client agent service. Configure remote systems to allow only FIPS Mode connections, or require specific encryption options for all Mini Remote Control connections.

For additional information, see MRC Client Agent Service settings.

Permission Required

The Mini Remote Control client agent service provides several "Permission Required" settings in the Mini Remote Control Client Agent Service Settings dialog. When these settings are enabled, users who are logged into a target Mini Remote Control system locally must "allow" incoming Mini Remote Control connections. The client agent service can also prohibit non-administrative users from establishing a connection if no local user is logged on.

The following settings, on the Access tab, are enabled by default for Mini Remote Control users connecting with non-administrator credentials:

  • Permission Required for these Account Types

  • Disconnect if at Logon Desktop

  • View only for these account types

Furthermore, the Permission Required setting on the Additional Settings tab applies to Mini Remote Control users connecting with or without administrator credentials. If this setting is enabled and a Mini Remote Control user attempts to connect to the remote system while another user is logged on, the logged on user must "allow" the Mini Remote Control connection for it to be successful.

For additional information about these settings, see MRC Client Agent Service settings.

Last modified

Tags

Classifications

Public