With ExpertAssist’s IP address filtering feature you can specify exactly which computers are allowed to access ExpertAssist on your system.
The simple interface on the Security > IP Filtering page lets you maintain IP address restrictions.
If the Profiles list is empty, then filtering is disabled.
How IP Filtering works
When an IP address is checked against a list, ExpertAssist goes from the first element of the list to the last, comparing the IP address against the item. If the item is a single IP address, it only matches the remote IP if they are equal. If the item is an IP address with a subnet mask, a logical AND operation is performed on the subnet mask and the remote IP address, and the result is checked against the item’s network address to see if the remote IP address is in fact on the network. If the item is a wildcard, the remote IP address is converted to its dotted textual representation and the two strings are compared.
When a match is found, ExpertAssist checks if it should allow or deny the connection, based on the allow/deny flag belonging to it. This result is then used to decide whether to let the connection proceed.
If no match is found, then the connection is allowed. If you would like all connections to be denied by default, except for those in the list, enter a DENY:* line as the last item on the list.
It is not possible for you to lock yourself out by accident when setting up IP address restrictions from afar, i.e. you can't enter a DENY:* clause into an empty list.
To add an IP Filtering:
The Address and Subnet fields let you specify a new filtering item. You can enter the following:
The Allow and Deny options in the Type drop-down list let you specify whether you want to allow or deny access to the IP address or addresses entered.
Whenever a new connection is established to ExpertAssist, the remote IP address is checked against the filter or filters in the list, and access is granted or denied accordingly. The IP filters that you set up here apply to every connection received by ExpertAssist, except for those aimed at the Virtual FTP Server. To specify IP address restrictions specific to this module you will need to use its specific IP filtering options.
Examples
Example 1.
Allow connections from IP address 215.43.21.12 and the network 192.168.0.0/16, and deny all other connections:
ALLOW:215.43.21.12
ALLOW:192.168.0.0 (255.255.0.0) –OR- ALLOW:192.168.*
DENY:*
Example 2.
Allow connections from IP address 215.43.21.12 and the network 192.168.0.0/16, but not from the address 192.168.0.12, and deny everything else:
ALLOW:215.43.21.12
DENY:192.168.0.12
ALLOW:192.168.0.0 (255.255.0.0) –OR- ALLOW:192.168.*
DENY:*
Please note that denying the connection from 192.168.0.12 comes before allowing connections to the 192.168.0.0/16 network. This is because if ExpertAssist was to find the ALLOW item first, it would let IP address 192.168.0.12 through, since it matches the condition. To prevent this, we make sure that the address 192.168.0.12 is checked before the network to which it belongs.
Example 3.
Allow all connections, except those coming from 192.168.0.12:
DENY:192.168.0.12
Example 4.
Deny all connections from the network 192.168.0.0/16 except for the subnet 192.168.12.0/24, and allow all other connections:
ALLOW:192.168.12.0 (255.255.255.0) –OR- ALLOW:192.168.12.*
DENY:192.168.0.0 (255.255.0.0) –OR- DENY:192.168.*
Yet again, ordering is crucial.
Here is where you view the ExpertAssist log files.
The active log file is at the top of the list and is named DesktopAuthority.log
. Older logs are stored with the naming convention DAYYYYMMDD.log. For example, the ExpertAssist log file for June 1st 2018 would be called DA20180601.log.
You can enable or disable logging to text files as you will, but ExpertAssist will always log the following events to the Windows Application Log:
The Application Log is used because of security considerations.
In addition, service start and stop events are always written to the DesktopAuthority.log
file, no matter whether logging is enabled or disabled. You can modify the settings for these logs under the Log Settings page of the Preferences section.
The last entry in the log file list is Download all logs in one compressed file. Click this to create and download a single zipped package with all the log files above.
Use the User Management Log section to view the logs of the activities performed during each remote management session on the EA host you are currently managing via EA. These activities are, for example, a registry key creation, stopping/running services, remote control session data, etc. (To view the overall EA activities logs, use the EA Logs page.)
The user management logs feature the following:
To view logs:
In the navigation pane of the EA Management Window, go Security -> User Management Log. The list of available SLOG log files will be shown on the page to the right in a table. Some of the columns are detailed below.
Table 7: User Management logs data.
Table Heading
Explanation
ID
The active log (DesktopAuthority.slog) is on top of the list. The active log logs activities performed during the period when the EA services were started and stopped.
The log for the oldest session is at the bottom of the list.
Name
- The DesktopAuthority.slog file is the active log.
- Older logs are named according to the following convention DAYYYYMMDD_HHMMSS.slog.
For example, the user management log file for June 1st, 2018, will be entitled DA20180601_132125.slog.Validity
Icon that indicates an SLOG file is invalid, i.e. modified (by other means than the EA application) or anyhow corrupted.
To filter logs:
You can filter logs by the following data:
To filter the list of logs:
If you set up SSL support for ExpertAssist, all traffic between the host and the remote computer will be encrypted using industry-strength 128-bit ciphers, protecting your passwords and data. The SSL certificates generated here are used for accessing the HTML-based administration module via HTTPS, and are also used by all virtual FTP servers to secure connections if using a suitable client. Because the SSL protocol is considered insecure as it is vulnerable to the POODLE attack, ExpertAssist in fact uses high secure TLS protocol. Make sure to enable the TLS 1.1 or 1.2 protocol in the browser for the computer where you will be connecting to the remote compute from.
Setting up SSL support for ExpertAssist is done in four easy steps:
As the second step on this page, you need to create the server certificate. Simply fill out the form at the bottom and click the Continue button to proceed. ExpertAssist will generate a certificate request, and sign it with the Certificate Authority selected at the top of the page. The certificate created this way will be valid for ten years. Click Continue at the bottom.
That’s it. You are now ready to make a secure connection to ExpertAssist. Simply use a URL in the form of https://my.machine.here:2000.
You can use the same CA certificate on several machines, but you can't use the same server certificate in more than one place.
To use one CA certificate on a network of NT machines:
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center