The security and confidentiality of credentials and scanned data of Lansweeper users is of critical importance in developing the Lansweeper software. Though submitted credential passwords have always been encrypted by Lansweeper and the Lansweeper database has always been password protected under Microsoft SQL Server, even more restrictive security features were implemented in Lansweeper 6.0. This article highlights some of the measures built into Lansweeper to protect your data and credentials and eliminate security risks. Topics discussed are:
- Security of submitted scanning and other credentials
- Security of the database and its connection string
- Restrictions on running database scripts
- Security of the web console
- Security of installation folders
Security of submitted scanning and other credentials
Certain tasks performed by Lansweeper require you to submit credentials. To remotely scan and deploy on Windows computers for instance, username/password combinations with administrative rights on the computers must be provided. Remote scans of Linux, Unix and Mac computers, VMware servers and SNMP enabled devices also require credentials, with varying degrees of access rights documented in this knowledge base article. Lastly, credentials are also required to access servers used for help desk and alert mailing.
The passwords of submitted credentials have always been encrypted prior to being added to your database, the same database that also stores scanned and other data. Once submitted, the passwords are no longer visible in plain text in the web console or database itself. Though the passwords are encrypted, the encryption does need to be reversible, as Lansweeper must eventually pass these credentials to assets and mail servers in order to access them. Prior to Lansweeper 6.0, the same password encryption key was used for all Lansweeper installations. This encryption could theoretically be reverse engineered by someone with the necessary technical expertise and access to the database. From Lansweeper 6.0 onward, a key unique to each Lansweeper installation is used to encrypt and decrypt credentials stored in the database. This encryption key is an actual file on the Lansweeper server, making it impossible for anyone to decrypt your credentials unless the Lansweeper server itself is already compromised.
The screenshot below shows the encryption key generated for one specific Lansweeper installation. New Lansweeper installations automatically use a unique key file for credential encryption. Installations that were updated to version 6.0 and only have a single scanning server are also automatically switched to the new method of encryption. Updated installations that have multiple scanning servers cannot automatically be switched to the new encryption method by the Lansweeper installer. In a multi scanning server setup however, the new encryption method can manually be enabled in the following section of the web console: Configuration\Server Options
Security of the database and its connection string
The Lansweeper software consists of 3 components: database, scanning service and web console. If the database is hosted in the Microsoft SQL Compact database server, it can only be accessed by processes running locally on the server and therefore has no password. If the database is hosted in SQL Server, it can be accessed remotely from other servers in your network, if the necessary firewall and SQL Server configuration is performed and if the correct database password is provided. From Lansweeper 6.0.100 onward, the database password is automatically randomized under SQL Server to prevent unauthorized access. As was the case prior to 6.0.100, you can also specify your own password by following the instructions in this knowledge base article. If prior to 6.0.100 you had already configured your own password, the existing password is left in place when updating.
The two configuration files below, found on the scanning server and web server respectively, tell the scanning service and web console which Lansweeper database to access. From Lansweeper 6.0.100 onward, the database connection strings in the files below are also obfuscated and not displayed in plain text. This makes it impossible for someone with mere access to these files to see where your database is hosted or what its password is. Modifications to the connection strings must now be made with the ConfigEditor tool documented in this knowledge base article.
Restrictions on running database scripts
Prior to Lansweeper 6.0.100, it was possible to run database scripts from within the web console. Through deliberate execution of faulty scripts, users could theoretically expose information in the database that they otherwise would not have access to. Though running scripts already required users to be given a specific web console permission, executing database scripts from the web console has been made impossible from Lansweeper 6.0.100 onward.
Scripts can now only be run from external tools like the DatabaseMaintenance tool below, found on the Lansweeper server. Tools like SQL Server Management Studio and SQL Compact Toolbox can also be used to run scripts, but connections to SQL Server databases do of course require users to know and submit the database password.
Security of the web console
To ensure that whoever will be managing your Lansweeper installation can access the configuration, the web console is by default accessible to anyone in your network that knows the correct URL. As was the case prior to 6.0 as well, web console access can easily be restricted to certain users or groups by following the instructions in this knowledge base article. Restricting access takes just a few minutes and allows you to specify not only who can log in, but also which specific tasks they can perform within the console. Applied web console permissions remain intact after subsequent Lansweeper updates.
The screenshot below shows the default login screen. The admin button gives full rights to the console, but can be removed. Who can log in with the available login boxes and what they can access can be restricted.
Security of installation folders
When you install Lansweeper, most files used by the database, scanning service and web console are copied to the folder below on your Lansweeper server. From Lansweeper 6.0.100 onward, the default permissions on the subfolders located in the Lansweeper installation folder below have been made more restrictive where possible, so only necessary users and processes have access.