This article applies to NetSupport Manager v14.00. For information relating to version 12.80 and below, click here.
NetSupport Connectivity (Gateway) Server security options
- Gateway key
A NetSupport Connectivity Server can be configured with multiple Gateway keys. Each Client that connects to the NetSupport Connectivity Server needs to be configured with a Gateway key that matches the one set at the NetSupport Connectivity Server. If the key configured at the Client machine does not match, it will not be permitted to connect to the NetSupport Connectivity Server. The Control can be configured with different Gateway icons to browse the Clients on the NetSupport Connectivity Server using different Gateway keys, allowing you to control which Clients are visible to which Control. Again, if the Control is not configured with a Gateway key that matches one of the keys on the NetSupport Connectivity Server, it will not be permitted to browse the NetSupport Connectivity Server to retrieve the list of Clients to connect to.
- Gateway operators
Another option to restrict who has access to the NetSupport Connectivity Server is to include Gateway operators. These are user accounts you can configure on the NetSupport Connectivity Server, allowing only the specified operators to browse the NetSupport Connectivity Server. This can prove beneficial if, for example, a person who knows the Gateway key leaves the organisation. Instead of changing the Gateway key, you can just remove their operator account, knowing they will no longer have access to browse the NetSupport Connectivity Server.
- Two-factor authentication (2FA)
The NetSupport Connectivity Server includes the option to enable an extra layer of security when using Gateway Operators. You can enable two-factor authentication on the Gateway Operators. NetSupport Manager supports two methods to implement two-factor authentication, time-based one-time passwords (TOTP) and Duo Push. For further information on how to implement two-factor authentication on the Connectivity Server, please refer to xxx.
- SSL/TLS support
The NetSupport Connectivity Server supports the ability to apply SSL or TLS certificates to ensure that all data sent across the Connectivity Server is encrypted. It is possible to apply your own SSL/TLS certificate. Alternatively, the NetSupport Connectivity Server provides the option to create and use a Let’s Encrypt certificate.
- Event logging
NetSupport Connectivity Server activity logging is on by default and stored in the following location:
C:\Program Files\Common Files\NSL\Connectivity Server\
Settings for the NetSupport Connectivity Server component are made via the Connectivity Server Configurator. This is accessible by right-clicking on the NetSupport Connectivity Server icon in the system tray.
Client security options
The NetSupport Manager Client includes several different options to secure access to the remote Clients, whether you connect to them directly or via the NetSupport Connectivity Server.
- User authentication
It is possible to configure the Client to use a locally stored username and password for the connection, which will be stored in the Client Configuration file, or you can choose to authenticate access to the Client using NT authentication or AD authentication, choosing a group from your domain to authenticate against. When one of these options is selected at the Client, when a Control attempts to connect, it will be prompted to enter a username and password. These will need to match the details selected at the Client to permit the Control to connect.
- RADIUS support
The NetSupport Manager Client can be configured to point to a RADIUS server to validate each connection attempt when using either NT or AD Authentication from a Control to the Client device.
- Security key
Provides additional security that enables Control users to connect only if the Control has the same security key as the Client. Optionally, this can be set as the serial number in your NetSupport Licence file. You must set the security key at both the Client and the Control.
- User acknowledgement
When a Control user attempts to connect, a message will be displayed at the Client. Unless the user at the Client explicitly accepts the request, the connection will be refused.
With encryption turned on, all the information sent between the Control and Client is very difficult for others to read. NetSupport Manager offers a range of encryption options, ranging from 56 Bit DES to 256 Bit AES, enabling you to find the necessary balance between security and performance. The higher the level of encryption, the higher the potential for decreased performance. Choose the level of encryption to be used while a Control is connected. By default, encryption is set to none for all connections and 56 Bit DES for HTTP connections.
- Require HTTPS
It is possible at the NetSupport Manager Client to only permit this to connect to a NetSupport Connectivity Server that has a valid SSL\TLS certificate applied.
- Smartcard authentication
If this option is selected at the Client, then the Control will be required to enter a user ID and password as well as the smartcard and pin to connect to the Client.
- Access privileges
Using the Client configuration, you can disable certain remote control features when you connect to the Client, such as to prevent File transfer or disable Control mode when viewing.
- Client profiles
It is possible to configure different levels of Control access depending on which user authenticates with the Client for the connection using the Client profiles.
- Customisable text
Customisable text enables you to add customisable messages which are displayed at the Client machine when a Control is connected, so the end-user is aware of the remote connection.
- Replay Files
When enabled, a Replay File recording will be created each time the Control views a Client PC with the option enabled.
- Client logging
Log files record the activity that takes place at a Client machine while it is being remote controlled. Standard information would include the name of the Control that had initiated the connection and the date and time that the session started and ended. The text files that are created provide a useful audit trail, but you can also enhance Client security using this feature.
- Client Configurator password
The Client Configurator password allows you to restrict access to the Client Configurator using a locally stored password for the Client Profile or by specifying a NT Group of users that can authenticate to access the Client Configurator.
The above options for the NetSupport Manager Client can be applied locally on a Client using the NetSupport Manager Configurator or enforced using the NetSupport Manager Client AD Template files via AD Group Policy. Settings applied via Group policy will override any local configurations applied.
Control security options
The NetSupport Manager Control also includes a number of different security options to secure access and limit functionality.
- Control password
Allows a password to be set at the Control. You will then be prompted for this each time you start the Control.
- Control logging
Once enabled, each time the Control subsequently connects to a Client, the activity for that session will be recorded.
- Replay Files
When enabled, a Replay File recording will be created each time the Control views a Client PC.
- Control interface settings
The Control interface settings allow you to configure which different components for the named configuration are available, such as disabling access to the Auto Groups or Gateway list section of the Control interface.
- Control function
The Control function settings allow you to restrict certain features such as the File Transfer or Reboot options.
- Control profiles
The NetSupport Control can be configured with different Control configurations, allowing you to set different profiles for your different Control users.
- Require HTTPS
It is possible at the NetSupport Manager Control to only permit connections to a NetSupport Connectivity Server that has a valid SSL\TLS certificate applied.
The above options for the NetSupport Manager Control can be applied locally using the NetSupport Manager Control Settings or enforced using the NetSupport Manager Control AD Template files via AD Group Policy. Settings applied via Group policy will override any local configurations applied.