Security

Security Hardening Tips and Recommendations

This document will help you harden the security in Desktop Central.

Update the latest Security Patches

  • Desktop Central immediately releases the security patches for identified security issues. Follow this Security Updates Group and "Security Updates on Vulnerabilities" section in our Knowledge base to stay updated with the latest security patches. 

Enable Secure Log-in

To enable secure log-in, go to Admin tab and click on Security settings, and under Secure login perform the below steps,

  • Enable Secure Login (HTTPS)
  • Configure a complex password 
  • Configure Two factor authentication
  • Disable default admin
  • Secure Network share
  • Restrict users from uninstalling Desktop Central agents

Use third party trusted certificates

It is recommended to configure Desktop Central with a trusted third party certificate to ensure secured connections between desktops, mobile agents and server. However, for secured communication using HTTPS, a default self-signed certificate will be provided along with the server

Enable Secure agent server communication

To enable secure agent server communication, go to Admin tab and click on Security settings, and under Secure agent server communication perform the below steps,

  • Enable secure communication for LAN agents
  • Enable secure communication for WAN agents
  • Enable secure remote control and file transfer operations

Use Forwarding server

It is recommended to keep Desktop Central server within a corporate network protected by a firewall. To prevent Desktop Central from exposing to internet, use Forwarding Server (a reverse proxy solution). It will also help you secure communication of mobile/roaming user with Desktop Central server. Refer this document for more details.

Disable older versions of TLS

By default, SSLV2 and SSLV3 protocols are disabled in Desktop central. If you are not managing any of the legacy operating systems (Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 ), you can disable TLSv1 and TLSv1.1 in the security page.

Disable 64-bit week older ciphers

Upgrade to Desktop Central build 100081 and above, as the ciphers are disabled by default. If you are managing Windows XP and Windows Server 2003 operating systems, apply the Patch for Windows XP and Patch for Windows 2003.