Security

 

What ports need to be open for the hosted solution?

ISL Online products initiate an outgoing connection, so they work with your existing firewall and do not require special configuration. They first try to connect using port 7615 and, if this fails, they also try ports 80 and 443. In extremely rare cases, when a strict firewall is implemented on the remote (client) computer and all of the mentioned ports are closed, ISL Online products won't work until at least one of the mentioned ports is opened. Please let us know if you ever encounter such a situation.

What is the purpose of port 7615?

Port 7615 is the preferred choice and you can think of it as the standard ISL Online port, just like 22 is SSH, 23 Telnet, 25 SMTP, 3389 RDP, etc. You can also find it in the list of ports on Wikipedia.

Having a specific port is also very convenient: if you have a certain company policy and use a firewall/proxy, but would like to adjust it to allow ISL Online traffic, we simply instruct you to open port 7615 and all ISL Online products will work great. If we only used 80/443, the admin would find it difficult to allow ISL Online while limiting other traffic that also goes through port 80/443.

In general, the first thing to do in a proxy environment is to check with the system/network administrator whether it is possible to make an exception. This does not mean that you completely disable the proxy; you just let the ISL Online traffic through directly and keep filtering the rest. If the proxy supports DNS name exceptions, then allow direct outgoing TCP connections on port 7615 to *.islonline.net. If the proxy supports only IP number exceptions, check this link for a current list of our server IPs. A direct connection offers the best performance and minimum delays.

In an ideal world of direct connections and flexible security policies, the story would end here. However, many customers are behind corporate firewalls/proxies where only HTTP and HTTPS traffic is allowed (so, port 80 and/or 443) and system/network administrators do not want or are not allowed to add exceptions. We support that as well: our applications try to find a working transport even in those situations (detect proxy settings, use WinINet, create a tunnel, make use of the wildcard DNS, which helps with some proxies, etc.).

Situations where such filtering is involved can suffer from additional delays, mainly due to transport timeouts in the connection establishment process. ISL Online products always (well, unless you force a certain transport type through the registry or command line) try a direct connection using port 7615 and, if that fails, they try ports 80 and 443 with various proxy methods. Each transport type has a timeout of 7 seconds and on Windows we try 8 transport types, so if it is the last one that gets through, this means a delay of almost 1 minute. If a customer complains about long delays, the best thing to do is connect to the problematic computer and click "find best transport" in our connection tester utility. It will show you a list of successful transports along with the average transfer rate, delays etc. These results will allow you to force the best transport. Both you and your customer will appreciate the reduced connection delay.
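The port order and 7-second timeout described above can be checked from a client machine with a short script. This is an added example, not ISL Online's code or its connection tester: the function names are hypothetical, the hostname is one you supply, and it tests only raw outbound TCP reachability, not the proxy-based transports.

```python
import socket
import sys
import time

# Port order and per-transport timeout as stated in the FAQ text.
PORT_ORDER = (7615, 80, 443)
TIMEOUT_S = 7.0


def probe(host, port, timeout=TIMEOUT_S):
    """Attempt one outbound TCP connect; return (status, seconds_spent)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            status = "open"
    except (socket.timeout, TimeoutError):
        status = "filtered"  # no reply: firewall silently drops, full timeout spent
    except ConnectionRefusedError:
        status = "refused"   # active reject: fails almost immediately
    except OSError:
        status = "error"     # DNS failure, no route, and similar
    return status, time.monotonic() - start


def find_transport(host, ports=PORT_ORDER, timeout=TIMEOUT_S, probe_fn=probe):
    """Try ports in order; return (first open port or None, attempts, total_delay)."""
    attempts, total = [], 0.0
    for port in ports:
        status, spent = probe_fn(host, port, timeout)
        attempts.append((port, status, round(spent, 2)))
        total += spent
        if status == "open":
            return port, attempts, total
    return None, attempts, total


def worst_case_delay(transports=8, timeout=TIMEOUT_S):
    """Upper bound when every transport type runs to its timeout (8 x 7 s on Windows)."""
    return transports * timeout


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <hostname allowed by your *.islonline.net rule>")
    port, attempts, total = find_transport(sys.argv[1])
    for p, status, spent in attempts:
        print(f"tcp/{p}: {status} after {spent}s")
    print(f"first working port: {port}, delay so far: {total:.1f}s")
```

A "filtered" result on port 7615 means the probe waited out the full timeout, which is the kind of wait that accumulates into the long delays described above; a "refused" result fails fast and adds almost nothing.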

If you need help with ISL Online products in proxy environments, you can contact the ISL Online team by telephone, via e-mail or through our live chat.

If someone is supporting me, how do I stop him?

There are several ways to do this. A simple mouse move suspends the control for a few seconds. If this is not enough, you can click the "Stop Sharing" button on the ISL Light Client side or simply close the ISL Light application by pressing the "Close" button on the ISL Light application window.

How long does the system keep an ISL Light session?

A session is active while ISL Light is active. When ISL Light is closed, or only the session is closed by pressing the "Disconnect from the session" button, the session is no longer active. The system keeps the basic session info (ISL Light and Client computers' IP numbers, chat transcript, amount of transferred data etc.). A session can also be terminated automatically after a specified user idle time. Idle time is counted from the last user action on the computer.

Does the session continue if my local IP changes in the middle of the session?

Yes, ISL Light reconnects to the server; it is almost the same as if you unplugged the cable and plugged it back in.

If I unplug the network cable from the computer while in a session and then plug it back in, what happens?

The ISL Light session continues running normally as soon as the internet connection is re-established.

How secure is your ISL Light software to prevent "hackers" from accessing my computer while using your software?

ISL Light uses industry-standard SSL/TLS encryption. You can be sure that your session is private: it is encrypted point to point, from ISL Light Client to ISL Light. The Client also has to allow each action, so a remote user cannot just take over your computer. You do not need to change anything in your operating system settings. For additional information, please refer to the Security topic.

Is the connection encrypted throughout the session and does it connect through a server or directly (peer to peer)?

The connection uses end-to-end SSL/TLS encryption. After the session is established, the traffic still goes over the server, but the server cannot read the data (everything is encrypted end-to-end). For added security, you also have the option of a Server license, so you can install the server yourself.

How should I configure my firewall for an optimal ISL Online experience?

If you do not filter outgoing connections, then you do not need to make any changes. However, if you do filter outgoing connections, please whitelist all connections to *.islonline.net, if your firewall allows DNS whitelisting. If you can only whitelist IP addresses, check the next question.

How should I configure my firewall for an optimal ISL Online experience if my firewall does not allow DNS whitelisting? Which IP addresses should I allow?

Please refer to this link for an up-to-date list of our server IP addresses. However, please keep in mind that the list of our servers changes over time (new servers are added, old servers are decommissioned), so you should check the provided link every now and then and update your firewall appropriately. Alternatively, an intermediary ISL Online forward proxy can be configured to minimize the list of rules and keep its maintenance to a minimum. Check this link for more information.

We are unable to use ISL Light to support some of our users because their firewall does not allow file downloads from third-party websites. Is there a workaround?

You can add the ISL Light Client executable to a zip archive (optionally protected with a password) and put it on your website. You can also publish it on the customer's intranet or even distribute it directly to such restricted computers.

