Categories
Unclassified

DWService: let’s talk about security

DWService provides a super efficient way to connect to your remote computer(s). And it’s probably the only solution to do so entirely from your browser, without installing anything on the cient side. But how secured is it?

Our infrastructure

Front-end, Back-end and Nodes are the three core components of DWService’s infrastructure. More precisely:

Front-end is the component that manages the web interface of the site (www.dwservice.net), also communicates with the Back-end to redirect users and agents on the Nodes.

Back-end is the main component of the infrastructure, where data is stored, and it is responsible for managing and monitoring all the other components.

Nodes are components that manage the web interface of the sessions (nodeXXXXX.dwservice.net), also dealing with data triangulation between users and agents (managing bandwidth, checking connections, and so on). An agent is always connected to a node waiting for the user to connect.

All communication between components and between users and agents take place using TCP port 443 (https standard), communications are encrypted via SSL certificate according to the latest security standards.

What information do we stored ?

The only user’s information stored on our servers are:

  • Authentication data: email, encrypted password and other non-mandatory personal information.
  • Agent data: name, description, etc.
  • Sharing data: name, setup, any login password.
  • Access data: start time, end time, IP address.

All encrypted passwords are stored using the hash technique according to the latest security standards so that they cannot be traced back to the password. Furthermore, no data that passes between users and agents is stored on our servers. The reason why we decided to store access data is to protect users in case of misuse of our service (if necessary, we are available to give this information to the competent authorities).

An open source model

Unlike other remote desktop solutions available on the market, we decided to go further by providing the source code of the agent so that anyone can check what it does in their system with the ability to modify the code for example to limit or monitor specific operations.

We are also planning to develop a simplified node version (connected to our infrastructure) so that the user can install it on his own server and on which:

  • Encrypted passwords will be stored.
  • Custom SSL certificate can be installed.
  • All traffic related to the agents will be redirected.
  • Data accesses will be stored.

DWService uses all reasonable security measures to safeguard information stored on its servers. Despite the security measures employed by DWService, users should be aware that it is impossible to guarantee absolute security with respect to electronic information.

If you have any questions you can contact us at the address staff@dwservice.net.

Leave a Reply

Your email address will not be published. Required fields are marked *