Johnjw  
#1 Posted : Thursday, April 13, 2017 9:44:58 PM(UTC)
I'm always interested in making things as safe as possible, and sometimes a bit extreme perhaps, but hey, better safe than sorry as they say :)

My thought was if anyone has made some changes or maybe knows a way to fulfill my request below.

I want to limit the type of access an external user has so that any time you access your ScreenConnect server from outside your network, you won't have access to the admin part and perhaps see less overall info in the remote interface. Just the bare minimum to allow me to quickly jump into a session and support. The reason for this is so that if for any reason someone gets my login or manages to "hack" it, then they won't get full access and can change things and whatnot. Could perhaps also make an option to only allow quick support sessions when connected from outside the server's LAN.


One solution (while not exactly what I'm looking for) that could be used would be a VPN, where you just kill the port forward in the router to the ScreenConnect webserver and access the server that way, but then I would miss out on the quick support session side of things and have to rely on the permanently installed version (unattended installation) instead, which I'd rather avoid for this particular purpose.


Update:
Forgot about the web.config settings (which I already had applied) to protect against unauthorized admin area access...
Code:
    <location path="Administration.aspx">
        <appSettings>
            <add key="RestrictToIPs" value="192.168.2.0/24 192.168.2.140/32"/>
        </appSettings>
    </location>


Along with some other modifications to remove the side panel where you see the login and the top title on the guest page, where I had to change the index page so it survives ScreenConnect updates
from
Code:
  <add key="DefaultDocumentName" value="guest.aspx" />
to
Code:
  <add key="DefaultDocumentName" value="index.aspx" />
which points to a separate renamed copy of a modified default.master which in turn has
Code:
		<div class="HeaderPanel"></div>
		<div class="NavigationPanel"></div>
removed.

Now why did I create a separate copy of default.master instead of just using a string like yoursite:8040/guest.aspx?theme=embedded? Because every monkey knows how to erase some text in the browser, so if they remove "?theme=embedded", then they get all the login links etc. Now they need to at least know host.aspx, login.aspx etc., which isn't hard to figure out either, but they can in turn be renamed, which makes it slightly harder at least and stops most noobs/bots from hammering the site.

Edited by user Saturday, April 15, 2017 2:11:43 PM(UTC)  | Reason: Not specified
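
An added example, not part of the original post and not ScreenConnect's own code: a Python audit of the `RestrictToIPs` entries in a web.config, reporting ranges outside private address space, entries already covered by another entry, and whether a given client address would pass. It assumes the value is a whitespace-separated CIDR list and that a client passes if any listed range contains it; the function names and the sample config are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the post, closed and wrapped in a root.
SAMPLE_WEB_CONFIG = """\
<configuration>
  <location path="Administration.aspx">
    <appSettings>
      <add key="RestrictToIPs" value="192.168.2.0/24 192.168.2.140/32"/>
    </appSettings>
  </location>
</configuration>
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def load_restrictions(config_xml):
    """Return {location path: [ip_network, ...]} for each RestrictToIPs key."""
    result = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        for add in loc.iter("add"):
            if add.get("key") == "RestrictToIPs":
                # Assumption: whitespace-separated CIDR list. strict=True
                # rejects entries with host bits set, e.g. 192.168.2.1/24.
                result[loc.get("path")] = [
                    ipaddress.ip_network(tok, strict=True)
                    for tok in add.get("value", "").split()]
    return result

def audit(nets):
    """Flag ranges outside private space and entries another entry covers."""
    findings = []
    for net in nets:
        if not (net.version == 4 and any(net.subnet_of(r) for r in RFC1918)):
            findings.append(f"{net}: outside RFC 1918 private space")
        for other in nets:
            if (net != other and net.version == other.version
                    and net.subnet_of(other)):
                findings.append(f"{net}: already covered by {other}")
    return findings

def is_allowed(nets, client_ip):
    """Assumed semantics: a client passes if any listed range contains it."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)

if __name__ == "__main__":
    for path, nets in load_restrictions(SAMPLE_WEB_CONFIG).items():
        print(path, audit(nets), is_allowed(nets, "192.168.3.10"))
```
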

ckibodeaux  
#2 Posted : Friday, April 14, 2017 1:03:28 AM(UTC)
Not ideal, but could be used as a solution. Create 2 logins; 1) Full access used behind the firewall 2) Limited account used when away from your main network.