Welcome!

Open Source Authors: Plutora Blog, Liz McMillan, Carmen Gonzalez, Elizabeth White, Yeshim Deniz

News Feed Item

Bomgar besteht erfolgreich Sicherheitstest

Bomgar, ein führender Anbieter von sicheren Remote-Support-Lösungen, gab heute bekannt, dass seine Remote-Support-Lösung eine von Symantec durchgeführte strenge Sicherheitsprüfung bestanden hat. Symantec führte seinen Produktpenetrationstest durch, um die Komponenten und die dazugehörige Umgebung der Bomgar Lösung in Bezug auf bewährte Security-Best-Practices zu beurteilen. Ziel der Prüfung war die Bewertung der Sicherheit des Bomgar Produktes aus Sicht eines Hackers oder böswilligen Nutzers, um festzustellen wie gut der Schutz des Produkts gegen solche Angriffe funktioniert.

Bomgars Remote-Support-Lösung wird von Tausenden von Servicedesks und Supportcentern weltweit eingesetzt, um auf entfernte Computer, Systeme und Mobilgeräte zuzugreifen. Von November 2012 bis März 2013 haben Symantec Consulting und Bomgar zusammengearbeitet, um die Sicherheitsarchitektur und die Implementierung von Bomgars Appliances zu beurteilen. Sie haben dabei festgestellt, dass die Gesamtarchitektur der Appliances unter Berücksichtigung von Security-Best-Practices konzipiert und implementiert wurde. Die wichtigsten Komponenten die getestet wurden waren unter anderem die Bomgar Appliance, die Support-Mitarbeiter-Konsole und der kundenseitige Client. Die folgenden Bereiche wurden in einer gründlichen Analyse darauf geprüft, wie die Gesamtlösung zum Schutz gegen Angreifer funktioniert:

  • Hardware von Bomgar – Die Bomgar Appliances werden als geschlossene, gehärtete Server ausgeliefertum die Kunden bei der Installation von Bomgars Lösung zu unterstützen. Während des Tests hat Symantec festgestellt, dass die minimale Port-Exposition und die gehärtete Standardkonfiguration den unautorisierten Zugriff auf die Appliance erfolgreich verhindern und mögliche Angriffsvektoren beschränken.
  • Verschlüsselung der Kommunikation – Entscheidend für die Absicherung jeder Lösung ist die Gewährleistung, dass alle Komponenten auf sichere Weise miteinander sowie mit der Außenwelt kommunizieren können. Um dies zu erreichen, setzt Bomgar eine SSL-Verschlüsselung für jegliche Kommunikation zwischen der Bomgar-Appliance, den Support-Mitarbeiter-Konsolen und den kundenseitigen Clients ein.
  • Authentifizierung und Autorisierung – Die Bomgar Lösung setzt voraus dass die Benutzer des Systems eigene Benutzerkonten einrichten. Symantec hat festgestellt, dass die Lösung eine sehr feinstufige Zugriffskontrolle für jedes Konto unterstützt. Außerdem verwendet Bomgars Appliance ein separates Administrationskonto und eine eigene Administrationsschnittstelle für die Verwaltung von Bomgars Server-Firmware. Dies gewährleistet eine zusätzliche Trennung zwischen den Benutzerfunktionen innerhalb der gesamten Anwendungsumgebung.
  • Sicherheit des kundenseitigen Clients – Um eine vollständige Bomgar-Support-Sitzung zu starten, lädt der Kunde zur laufzeit eine kleine Anwendung herunter und führt sie aus. Diese stellt über die Bomgar-Appliance eine Rückverbindung her und verbindet den Kunden mit einem Support-Mitarbeiter. Sobald eine Support-Sitzung beendet ist, beendet die kundenseitige Anwendung automatisch alle laufende Prozesse die zu der Support-Sitzung gehören und deinstalliert sich selbst vom Gerät des Kunden. Während des Penetrationstests stellte Symantec fest, dass die für Remote-Kunden bereitgestellten Zugriffskontrollen den Zugriff auf deren Endgerät hinreichend beschränken. Es gelang Symantec nicht die Kontrolle von Kunden-Endgerät zu übernehmen. Ebenso wenig konnte Symantec eine Support-Sitzung wieder aufnehmen, sobald die Sitzung beendet war.
  • Prüfung und Protokollierung – In einem gut konzipierten System werden hinreichend detaillierte Protokolle geführt um die Rekonstruktion der Systemaktivitäten zu erlauben. Die Bomgar Lösung verfügt über mehrere Protokollfunktionen. Standardmäßig werden alle Support-Sitzungen lokal auf der Appliance protokolliert undzusammen mit Angaben darüber wer der Kunde war und wann Ereignisse wie zum Beispiel Bildschirmfreigaben stattgefunden haben. Darüber hinaus kann eine Aufzeichnung von Sitzungen für Bildschirmfreigabe, Befehlsshell-Zugriff und Präsentationen aktiviert werden.

„Die Bedrohung durch Netzwerkangriffe und Sicherheitslücken nimmt zu, und Jahr für Jahr wird Remote-Support-Technologie als der wichtigste Angriffsweg bei solchen Attacken genannt“, so Nathan McNeill, Mitbegründer und Chief Strategy Officer von Bomgar. „Bei Bomgar haben wir das Ziel, die sichersten verfügbaren Remote-Support-Lösungen zu liefern. Deshalb lassen wir unsere Produkte regelmäßig von Symantec und anderen führenden Anbietern im Bereich Sicherheit testen.“

Die vollständige Sicherheitsbeurteilung von Bomgar können Sie unter folgender Adresse lesen: http://goo.gl/d6BhX

ÜBER BOMGAR

Bomgar bietet Remote-Support-Lösungen für die einfache und sichere Unterstützung von EDV-Systemen und mobilen Geräten. Die Bomgar Appliance basierte lösugen helfen Unternehmen, die Effizienz und Leistung ihres technischen Supports zu verbessern und optimieren, indem sie es den Technikern ermöglichen, auf fast jedem Gerät und System überall auf der Welt Fehlerbehebungen durchzuführen – einschließlich Windows, Mac, Linux, iOS, Android, BlackBerry und vielen anderen. Mehr als 6.500 Organisationen in 65 Ländern haben Bomgar bereits eingesetzt, um die Zufriedenheit ihrer Kunden sprunghaft zu steigern und die Kosten dramatisch zu reduzieren. Bomgar ist ein Privatunternehmen mit Niederlassungen in America, Frankreich und Großbrittanien. Die Internetpräsenz des Unternehmens finden Sie unter www.bomgar.com/de.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile devices as well as laptops and desktops using a visual drag-and-drop application – and eForms-buildi...
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immediate and actionable interpretation of events as they happen. Another aspect concerns how to deliver ...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, addressed the big issues involving these technologies and, more important, the results they will achieve. Rodney Rogers, chairman and CEO of Virtustream; Brendan O'Brien, co-founder of Aria Systems, Bart Copeland, president and CEO of ActiveState Software; Jim Cowie, chief scientist at Dyn; Dave Wagstaff, VP and chief architect at BSQUARE Corporation; Seth Proctor, CTO of NuoDB, Inc.; and Andris Gailitis, C...
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect at GE, and Ibrahim Gokcen, who leads GE's advanced IoT analytics, focused on the Internet of Things / Industrial Internet and how to make it operational for business end-users. Learn about the challenges posed by machine and sensor data and how to marry it with enterprise data. They also discussed the tips and tricks to provide the Industrial Internet as an end-user consumable service using Big Data Analytics and Industrial Cloud.
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it's a mix of architectural styles ...
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
Technology is enabling a new approach to collecting and using data. This approach, commonly referred to as the "Internet of Things" (IoT), enables businesses to use real-time data from all sorts of things including machines, devices and sensors to make better decisions, improve customer service, and lower the risk in the creation of new revenue opportunities. In his General Session at Internet of @ThingsExpo, Dave Wagstaff, Vice President and Chief Architect at BSQUARE Corporation, discuss the real benefits to focus on, how to understand the requirements of a successful solution, the flow of ...
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In his General Session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, discussed how to take advantage of a multitude of compute options and platform features to make cloud the cornerstone of your online presence.
In this Women in Technology Power Panel at 15th Cloud Expo, moderated by Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, Esmeralda Swartz, CMO at MetraTech; Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems; Seema Jethani, Director of Product Management at Basho Technologies; Victoria Livschitz, CEO of Qubell Inc.; Anne Hungate, Senior Director of Software Quality at DIRECTV, discussed what path they took to find their spot within the technology industry and how do they see opportunities for other women in their area of expertise.
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
“With easy-to-use SDKs for Atmel’s platforms, IoT developers can now reap the benefits of realtime communication, and bypass the security pitfalls and configuration complexities that put IoT deployments at risk,” said Todd Greene, founder & CEO of PubNub. PubNub will team with Atmel at CES 2015 to launch full SDK support for Atmel’s MCU, MPU, and Wireless SoC platforms. Atmel developers now have access to PubNub’s secure Publish/Subscribe messaging with guaranteed ¼ second latencies across PubNub’s 14 global points-of-presence. PubNub delivers secure communication through firewalls, proxy ser...
We’re no longer looking to the future for the IoT wave. It’s no longer a distant dream but a reality that has arrived. It’s now time to make sure the industry is in alignment to meet the IoT growing pains – cooperate and collaborate as well as innovate. In his session at @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, will examine the key ingredients to IoT success and identify solutions to challenges the industry is facing. The deep industry expertise behind this presentation will provide attendees with a leading edge view of rapidly emerging IoT oppor...
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective storage designed to handle the massive surge in back-end data in a world where timely analytics is e...