Secure Application Access

Designed with Security in Mind

As organizations become more distributed, and more employees work from home, remote application access solutions like GO-Global are increasingly in demand—and increasingly subject to scrutiny by IT security teams. GO-Global was designed from the start with security in mind, from protocol encryption and session isolation to defense against attackers and two-factor authentication. Applications deployed through GO-Global are typically more secure than when they are installed directly on an endpoint device.

Proprietary Connection Protocol

Because GO-Global was developed using GraphOn’s proprietary, closed source Rapid-X Protocol (RXP), it offers additional defense against attackers, compared to open source protocols like Microsoft® Remote Desktop Protocol, where security weaknesses have been found and exploited as recently as March 2020. Additional GO-Global built-in security measures include disabling all configuration options that enable sharing of server or client resources and control over exactly which applications can be accessed remotely.

Operating System Security and User Authentication

GO-Global inherits and honors all user and data security boundaries from the Windows® operating system, including Group Policies, Access Control Lists, etc. GO-Global also maintains security settings controlling access at the user and application level that are enforced during the logon process. Additionally, GO-Global respects Windows file, folder, share, printer, and registry permissions, which are central to Windows system security. To reduce potential security threats, IT admins using GO-Global should adhere to Microsoft’s recommended best practices, especially avoiding Administrator privileges for end users. To ensure consistency across multiple hosts, GraphOn recommends using Windows Group Policies for all global security settings.

GO-Global provides a vital extra layer of connection security with Two-Factor Authentication (2FA), which requires users to enter a 6-digit code from an authenticator app on a smart phone in addition to their username and password. 2FA ensures that, even if a user’s password is compromised, the attacker will not be able to access the host system without access to the user’s unlocked phone. This renders brute force and dictionary password searches useless – which is especially critical as more end users access corporate work computers while working from home, driving an increase in brute force attacks. 2FA also reduces the burden of forcing a complex password policy.

Additional security recommendations include the use of Integrated Windows Authentication to eliminate the need to cache passwords for connections between Windows clients and GO-Global Hosts.

Additional Security Measures

Many organizations use a VPN solution for remote access to applications. Most GraphOn customers opt to extend their existing VPN environment to support GO-Global session traffic from remote end users. To get an additional security layer, IT can use SSL to encrypt GO-Global sessions running within a VPN data stream. GO-Global also supports Proxy Server Tunneling, also known as HTTP Connect, which allows a user who accesses the internet via a web proxy server to connect to GO-Global Hosts on the internet.

Client Session Encryption

By default, GO-Global encrypts sessions using DES (Data Encryption Standard) with 56-bit key strength for all client session connections to protect against basic packet sniffers and clients intercepting raw data communications. It is fast, reliable, and offers an immediate level of security for LAN-based connections via GO-Global.

For internet communications and security-conscious environments, GO-Global offers SSL-based transport with the following encryption algorithms: 128-bit RC4, 168-bit 3DES and 256-bit AES. These stronger encryption algorithms require that the administrator applies a signed SSL certificate on the host, which can be generated using any standard Certificate Authority. Administrators can also generate trusted SSL certificates for GO-Global Hosts through the Security tab of the Host Options dialog in the Admin Console, where the GO-Global Host has a publicly registered DNS address. This allows administrators to enable strong encryption and SSL/TLS security without purchasing a certificate from a third-party Certificate Authority.

 

 

Slide …GO-Global has helped us reduce cost and improve application performance. FAITEC CLOUD | IT and Managed Services | Brazil Fabio Santana – CEO Testimonial Logos Homepage Slide …GO-Global is secure, reliable, easy to install and maintain, and delivers a great user experience. We have also found it to be very cost-effective. VISURE SOLUTIONS Testimonial Logos Homepage Requirements Management ALM Software | USA Fernando Valera – CEO Slide We used to use Citrix XenApp to publish our cash automation platform but switched to GO-Global for its affordability and easy installation and management. CFORIA SOFTWARE | Cloud Software Provider | USA Testimonial Logos Homepage Brad Wentzel - Director, Security Slide GO-Global was fundamental to our growth and success as an Oracle Cloud Services provider. BEG CLOUD | Managed Service Provider | Brazil Testimonial Logos Homepage Guiherme Costa – CEO Slide GO-Global has delivered on 100% of our expectations, is easy for IT to manage, and provides my end users with a great experience - and no trauma. GRUPO R CAVALHO | Supermarket Chain | Brazil Julio Pires - IT Manager Testimonial Logos Homepage Slide We adopted GO-Global technology in 2019 after evaluating other solutions on the market and finding that GO-Global offers the best cost-benefit ratio. ARMAZEM DATA CENTER Gilson Pohl - Business Manager Testimonial Logos Homepage Data Center Warehouse | Brazil & USA