Secure Application Access
Designed with Security in Mind
As organizations become more distributed, and more employees work from home, remote application access solutions like GO-Global are increasingly in demand—and increasingly subject to scrutiny by IT security teams. GO-Global was designed from the start with security in mind, from protocol encryption and session isolation to defense against attackers and two-factor authentication. Applications deployed through GO-Global are typically more secure than when they are installed directly on an endpoint device.
Proprietary Connection Protocol
Because GO-Global was developed using GraphOn’s proprietary, closed source Rapid-X Protocol (RXP), it offers additional defense against attackers, compared to open source protocols like Microsoft® Remote Desktop Protocol, where security weaknesses have been found and exploited as recently as March 2020. Additional GO-Global built-in security measures include disabling all configuration options that enable sharing of server or client resources and control over exactly which applications can be accessed remotely.
Operating System Security and User Authentication
GO-Global inherits and honors all user and data security boundaries from the Windows® operating system, including Group Policies, Access Control Lists, etc. GO-Global also maintains security settings controlling access at the user and application level that are enforced during the logon process. Additionally, GO-Global respects Windows file, folder, share, printer, and registry permissions, which are central to Windows system security. To reduce potential security threats, IT admins using GO-Global should adhere to Microsoft’s recommended best practices, especially avoiding Administrator privileges for end users. To ensure consistency across multiple hosts, GraphOn recommends using Windows Group Policies for all global security settings.
GO-Global provides a vital extra layer of connection security with Two-Factor Authentication (2FA), which requires users to enter a 6-digit code from an authenticator app on a smart phone in addition to their username and password. 2FA ensures that, even if a user’s password is compromised, the attacker will not be able to access the host system without access to the user’s unlocked phone. This renders brute force and dictionary password searches useless – which is especially critical as more end users access corporate work computers while working from home, driving an increase in brute force attacks. 2FA also reduces the burden of forcing a complex password policy.
Additional security recommendations include the use of Integrated Windows Authentication to eliminate the need to cache passwords for connections between Windows clients and GO-Global Hosts.
Additional Security Measures
Many organizations use a VPN solution for remote access to applications. Most GraphOn customers opt to extend their existing VPN environment to support GO-Global session traffic from remote end users. To get an additional security layer, IT can use SSL to encrypt GO-Global sessions running within a VPN data stream. GO-Global also supports Proxy Server Tunneling, also known as HTTP Connect, which allows a user who accesses the internet via a web proxy server to connect to GO-Global Hosts on the internet.
Client Session Encryption
By default, GO-Global encrypts sessions using DES (Data Encryption Standard) with 56-bit key strength for all client session connections to protect against basic packet sniffers and clients intercepting raw data communications. It is fast, reliable, and offers an immediate level of security for LAN-based connections via GO-Global.
For internet communications and security-conscious environments, GO-Global offers SSL-based transport with the following encryption algorithms: 128-bit RC4, 168-bit 3DES and 256-bit AES. These stronger encryption algorithms require that the administrator applies a signed SSL certificate on the host, which can be generated using any standard Certificate Authority. Administrators can also generate trusted SSL certificates for GO-Global Hosts through the Security tab of the Host Options dialog in the Admin Console, where the GO-Global Host has a publicly registered DNS address. This allows administrators to enable strong encryption and SSL/TLS security without purchasing a certificate from a third-party Certificate Authority.