Expect Maximum Security
At ISL Online, we take security very seriously. We apply industry-standard security technologies to protect your data and comply with the strictest security standards. Banks, government bodies, and global brands choose ISL Online for our high level of security.
Download security statementTop-Tier Security with End-to-End Encryptionlink
ISL Online employs advanced encryption and key exchange methods to ensure robust and secure remote desktop sessions.
RSA/ECDSA Cryptographic Keys with Diffie-Hellman Key Exchange
ISL Online uses cryptographic algorithms to establish a remote desktop connection.
To establish a remote desktop connection from your local computer to a remote computer, start the ISL Light application, which holds the RSA 2048-bit public key of the ISL Conference Proxy (ICP) server. The initial TLS connection (Server Connection) is established once the ISL Light application verifies that it is connected to the ISL Conference Proxy (ICP) server using the provided public key.
Once both endpoints (a local and a remote device) have established a Server Connection, they use RSA keys to set up a Standard Connection between them. This is achieved by negotiating AES 256-bit symmetric encryption keys using the Diffie-Hellman cryptographic algorithm.
If available, a Direct Connection will be established between the two endpoints, allowing the session contents to be sent directly from one endpoint to the other without being relayed through the ISL Conference Proxy (ICP) server. The Direct Connection is established using keys from the Elliptic Curve Digital Signature Algorithm (ECDSA P-256) to negotiate AES 256-bit symmetric encryption keys, employing the Diffie-Hellman cryptographic algorithm. While the initial Standard Connection remains active, it now serves solely as a Control Channel, managing session connectivity without containing any information about the content of the remote desktop data stream.
AES 256-bit Encryption
Regardless of the connection type (Standard Connection or Direct Connection), the content of the Remote Desktop Data Stream between the local and remote computer is transferred through a secure tunnel, protected by symmetrical AES 256-bit end-to-end encryption, to meet the highest security standards.
RSA 2048/4096-bit Encryption
RSA 2048/4096-bit encryption is used for establishing secure connections and verifying the identity of the ISL Conference Proxy (ICP) server. This ensures that the initial Server Connection is secure and authenticated.
ECDSA P-256
ECDSA P-256 is employed for negotiating encryption keys when establishing a Direct Connection between endpoints. This method ensures that the session contents can be securely transmitted directly between the endpoints without being relayed through the ISL Conference Proxy (ICP) server.
Diffie-Hellman Key Exchange
The Diffie-Hellman cryptographic algorithm is utilized to negotiate AES 256-bit symmetric encryption keys, providing a secure method for key exchange and ensuring the confidentiality of the connection.
Code Signing
ISL Online applications are digitally signed by means of a code signing certificate, which reliably identifies ISL Online as the software publisher and guarantees that the code has not been altered or corrupted since it was signed with a digital signature.
Function Transparency
ISL Online software is designed to never run in the background without the client's awareness. The software's functionality is transparent, ensuring that the client can always monitor and control the actions performed by the helpdesk operator.
Direct vs. Standard Connectionlink
ISL Online automatically selects the most effective connection technique, either by establishing a session tunnel directly between the local and remote computer (Direct Connection) or through a routed connection (Standard Connection).
Read manual
Host Candidates
These are the local IP addresses of the devices. Host candidates represent the devices' actual network interfaces and are used for direct connections when both local and remote devices are on the same local network.
Server-Reflexive Candidates
Server-reflexive candidates are acquired through STUN (Session Traversal Utilities for NATs) servers. STUN servers reflect UDP (User Datagram Protocol) packets back to the device, allowing it to discover its external address and port visible to the internet. This helps in establishing communication with devices outside the local network, overcoming NAT barriers.
Relay Candidates
Relayed candidates are obtained through a TURN (Traversal Using Relays around NAT) server. In cases where direct communication is not possible due to restrictive firewalls or symmetric NAT, devices can use a relay server to relay their data through a third-party server. TURN candidates help in establishing communication when other methods fail.
Standard Connection
When a Standard Connection is used, all data traffic, including both the Control Channel and the remote desktop data stream, is relayed through an ISL Conference Proxy (ICP) server. The ICP cannot decrypt the session content; it simply transfers packets from one side to the other.
ISL Online enables simple and secure user management by integrating with external user directories such as Microsoft Active Directory, NetIQ eDirectory, LDAP, or RADIUS, or by relying on identity providers (IdPs) like Microsoft Entra ID (formerly Azure AD), or Okta. These providers manage user identities, credentials, and access rights.
Single Sign-On (SSO/SAML)link
Eligible users (administrators) can configure a Single Sign-On (SSO) method that allows users from their organizations to securely authenticate and log into their ISL Online accounts through third-party SSO identity providers (e.g., Microsoft Entra ID, Okta) via the secure SAML 2.0 protocol.
Read manual
Intranet (LAN-only) Configuration
Many large organizations rely on ISL Online solely within a local area network (LAN), ensuring seamless technical support to employees across multiple locations while keeping everything within their internal network.
Brute Force Intrusion Protection
ISL Online servers enhance security by preventing brute force attacks through limiting the number of failed login attempts for a user or specific address within a set period. Additionally, you can restrict login attempts to specific time frames, further safeguarding your system.
Reverse Proxy Support
ISL Online allows you to install the server behind a reverse proxy, eliminating the need to expose it directly to the internet. This setup enables you to place your reverse proxy in an internet-facing DMZ while keeping your ISL Conference Proxy (ICP) server safely hidden within a non-public subnet, protecting your sensitive infrastructure from external threats.
Read manualEnvironmental, Social, and Governance (ESG)link
ISL Online (XLAB) is committed to complying with all applicable laws and regulations, adhering to our code of conduct, and aligning with our corporate social responsibility and sustainability policies.
Download ISO 27001:2022 certificate
ISO 27001
ISL Online complies with ISO/IEC 27001:2022, the global standard for information security management systems (ISMS). This certification demonstrates our commitment to managing data security risks, ensuring that we follow best practices and principles to protect your data comprehensively.
HIPAA
ISL Online software is suitable for companies and organizations that need to adhere to strict HIPAA (Health Insurance Portability and Accountability Act) requirements. A dedicated data protection team can assist you with the documentation and tests required to demonstrate compliance.
ISO 14001
ISL Online is committed to complying with European environmental laws and the ISO 14001 standard to preserve the environment for future generations. Our software enables users to reduce travel by working remotely, thereby minimizing their environmental impact.
GDPR
At ISL Online, we respect the privacy of our website visitors and clients who use our products and services. We provide our users with high-quality, secure and reliable remote desktop software under the GDPR regulation, taking into consideration all of its privacy requirements.
Accessibility
Our products and services are designed to be inclusive, with built-in accessibility features aligned with WCAG 2.0 guidelines to enhance usability and functionality for all users.
Industry Standards Compliancelink
We implement numerous safeguards and features for user privacy rights and ensure data handling aligns with the highest industry standards.
Data Minimization
The content of remote desktop sessions is always encrypted end-to-end and is NOT stored on ISL Online's servers. The servers solely relay data between the local and remote computers.
Verified Data Centres
ISL Online's master servers are located within the European Union in ISO 27001-certified data centers, while sessions are relayed by servers hosted in professional data centers around the globe.
Security Audits and Penetration Testing
Independent security audits and penetration tests of the ISL Online system are conducted regularly, demonstrating that ISL Online is a trustworthy service with a very high level of security.
Incident Management System
The Incident Management System (IMS) helps us maintain continuous service levels, measure IT service availability, document undesired events, and reduce their recurrence.
Security Measures at a Glancelink
We have pulled together a short list of security measures and features a remote desktop provider should use to guarantee a high level of security.
Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is an extra layer of security to protect your ISL Online account. When 2FA is enabled, users must provide a second factor (a one-time passcode) in addition to their password to log in successfully. Various methods are available, including phone, email, authentication apps, and FIDO U2F security keys by Yubico.
Read manual
Port Filtering
ISL Online seamlessly integrates with your firewall, requiring no additional configuration. It automatically initiates outgoing connections through ports 7615, 80, or 443. When a direct connection is available via STUN/TURN, connections use arbitrary UDP ports.
Read manual
Allow / Deny List
Prevent any misuse of remote desktop software in your company by creating allow and deny lists, which restrict the use of ISL Online software within your organisation. You are able to limit the data access to ISL Online servers based on the IP and/or MAC addresses.
Read manual
Restriction of Features
With ISL Online, the account admin can assign its domain users different rights and limitations, including allowing or disabling access to specific computers. For each individual user you can also set a maximum number of concurrent sessions, disable rights to use audio, video, remote printing, file transfer, and desktop sharing.
Logs and Accountability
ISL Online allows IT administrators to track which systems were accessed and review the metadata of each remote desktop connection. Detailed records are available for every session, providing information such as IP addresses, timestamps, and more.
Customer Protection Systemlink
ISL Online's Customer Protection System (CPS) is designed to proactively identify suspicious remote connection activities and protect users from potentially harmful actions. However, it's important to remain vigilant, understand the risks, and recognize the signs of a scam to protect yourself effectively.
Misuse preventionCustomizable Password Policylink
By default, ISL Online's password security policy is based on the latest NIST (National Institute of Standards and Technology) specifications. Additionally, ISL Online allows you to fully customize your password policy, either globally or on a per-user basis, to meet stricter security standards. ISL Online does not store passwords in plain text; instead, it uses salted password hashing to protect passwords stored in user account databases.
Read manualAccount Password
The account password is set when you create an account with ISL Online. It is used to log into ISL Online's desktop app, mobile app, or web portal. We recommend protecting your account password with two-factor authentication (2FA).
Main Access Password
The main access password is set during the installation of the remote access agent (ISL AlwaysOn) and is used to connect to a remote computer.
Connection Password
If you are sharing a computer or a computer group with multiple users, you should set separate connection access passwords for each user.
One-Time Password
You may choose to generate a list of one-time passwords for accessing a remote computer.
Try 15 Days For Free
Enjoy your new remote desktop experience!
No risk, no obligation.
