ScreenConnect Setup
-
@JaredBusch said:
How many clients are you going to have that you will not have access to their router /firewall in the first place?
One that I know of, but it's my biggest client, so I have to make it work
I have only tested with this one client, because I know there firewall is super tight.
-
@anonymous said:
One that I know of, but it's my biggest client, so I have to make it work
I have only tested with this one client, because I know there firewall is super tight.
Okay, then the next best answer would be to request that they add an exemption for you for the port the relay portion runs on. Offer them your droplet IP to say it even only needs to allow to "here" kind of thing.
-
@JaredBusch said:
Okay, then the next best answer would be to request that they add an exemption for you for the port the relay portion runs on.
Wouldn't changing the ports also work?
I kinda of like that idea of only needing ports that are almost always open.....
-
@anonymous said:
@JaredBusch said:
Okay, then the next best answer would be to request that they add an exemption for you for the port the relay portion runs on.
Wouldn't changing the ports also work?
I kinda of like that idea of only needing ports that are almost always open.....
Well, if you can make it work, yes. But from my experience the confiruation you are dealing with is very unusual. The one place I have had issues, as mentioned previously, I have no issues with getting something opened if it is for a business purpose. ScreenConnect not being a tool for THEIR business means I simply never asked to have it opened. They likely would as we have a good relationship, but I chose not to ask.
For other services that I use there for supporting their software development I have had ports opened. Notably for the SVN repository we keep their code.
Side note: I really need to migrate that to a git solution sometime this year. -
Got it working on port 80 (Portal) and 443 (Relay)
How important is it to have a SSL cert to protect the portal page?
-
@anonymous said:
Got it working on port 80 and 443
How important is it to have a SSL cert to protect the portal page?
It's got to have a cert weather it's self-signed or a verified SSL cert.
-
@thecreativeone91 said:
It's got to have a cert weather it's self-signed or a verified SSL cert.
Do they provide a self-signed one out of the box?
-
If memory serves, no. Could easily be wrong, but I'm pretty sure that they do not.
-
@anonymous said:
@thecreativeone91 said:
It's got to have a cert weather it's self-signed or a verified SSL cert.
Do they provide a self-signed one out of the box?
Don't know. I've never used it, Should be easy enough to generate your own.
-
@anonymous said:
Got it working on port 80 (Portal) and 443 (Relay)
How important is it to have a SSL cert to protect the portal page?
You can't use SSL for the portal page because you have the relay on port 443.
You can't use the same port for both services.
-
@JaredBusch said:
You can't use the same port for both services.
Right, so I will just swap the ports.
-
Maybe I am missing something here, but how important is it to use a SSL cert on your Portal Page?
All the remote support sessions are encrypted, so is this really a concern?
-
From the SC website:
*All data passing between host and guest systems is fully encrypted and protected from unauthorized access. This includes all screen data, file transfers, key strokes, and chat messages. ScreenConnect employs a 256 bit AES encryption algorithm, similar to that used by many banking and government institutions.
Although ScreenConnect encrypts all Relay session traffic by default, the Web Server HTTP traffic is not encrypted unless configured with SSL. There's really not a way to SSL/secure just the Login process without securing the entire website. Though this is something that we are looking into.*
-
So if I understand this right, the only thing the SSL cert does it protect the login?
-
@anonymous said:
So if I understand this right, the only thing the SSL cert does it protect the login?
Just the really important bit
-
@scottalanmiller said:
@anonymous said:
So if I understand this right, the only thing the SSL cert does it protect the login?
Just the really important bit
With Two Factor Enabled, it's not that important.
-
Additionally, a long enough password also mitigates.
-
@anonymous said:
@scottalanmiller said:
@anonymous said:
So if I understand this right, the only thing the SSL cert does it protect the login?
Just the really important bit
With Two Factor Enabled, it's not that important.
I would say SSL is more important than two factor to security. A rapid replay attack will defeat two factor pretty easily in most cases. And it is completely vulnerable to man in the middle - to the point of doing nothing at all.