Expect Maximum Security

At ISL Online, we take security very seriously. We apply industry-standard security technologies to protect your data and comply with the strictest security standards. Banks, government bodies, and global brands choose ISL Online for our high level of security.

Download security statement
Network Layer

Top-Tier Security with End-to-End Encryptionlink

ISL Online employs advanced encryption and key exchange methods to ensure robust and secure remote desktop sessions.

Top-Tier Security

RSA/ECDSA Cryptographic Keys with Diffie-Hellman Key Exchange

ISL Online uses cryptographic algorithms to establish a remote desktop connection.

To establish a remote desktop connection from your local computer to a remote computer, start the ISL Light application, which holds the RSA 2048-bit public key of the ISL Conference Proxy (ICP) server. The initial TLS connection (Server Connection) is established once the ISL Light application verifies that it is connected to the ISL Conference Proxy (ICP) server using the provided public key.

Once both endpoints (a local and a remote device) have established a Server Connection, they use RSA keys to set up a Standard Connection between them. This is achieved by negotiating AES 256-bit symmetric encryption keys using the Diffie-Hellman cryptographic algorithm.

If available, a Direct Connection will be established between the two endpoints, allowing the session contents to be sent directly from one endpoint to the other without being relayed through the ISL Conference Proxy (ICP) server. The Direct Connection is established using keys from the Elliptic Curve Digital Signature Algorithm (ECDSA P-256) to negotiate AES 256-bit symmetric encryption keys, employing the Diffie-Hellman cryptographic algorithm. While the initial Standard Connection remains active, it now serves solely as a Control Channel, managing session connectivity without containing any information about the content of the remote desktop data stream.

AES 256-bit Encryption

Regardless of the connection type (Standard Connection or Direct Connection), the content of the Remote Desktop Data Stream between the local and remote computer is transferred through a secure tunnel, protected by symmetrical AES 256-bit end-to-end encryption, to meet the highest security standards.

RSA 2048/4096-bit Encryption

RSA 2048/4096-bit encryption is used for establishing secure connections and verifying the identity of the ISL Conference Proxy (ICP) server. This ensures that the initial Server Connection is secure and authenticated.

ECDSA P-256

ECDSA P-256 is employed for negotiating encryption keys when establishing a Direct Connection between endpoints. This method ensures that the session contents can be securely transmitted directly between the endpoints without being relayed through the ISL Conference Proxy (ICP) server.

Diffie-Hellman Key Exchange

The Diffie-Hellman cryptographic algorithm is utilized to negotiate AES 256-bit symmetric encryption keys, providing a secure method for key exchange and ensuring the confidentiality of the connection.

Code Signing

ISL Online applications are digitally signed by means of a code signing certificate, which reliably identifies ISL Online as the software publisher and guarantees that the code has not been altered or corrupted since it was signed with a digital signature.

Function Transparency

ISL Online software is designed to never run in the background without the client's awareness. The software's functionality is transparent, ensuring that the client can always monitor and control the actions performed by the helpdesk operator.

Remote Connection

Direct vs. Standard Connectionlink

ISL Online automatically selects the most effective connection technique, either by establishing a session tunnel directly between the local and remote computer (Direct Connection) or through a routed connection (Standard Connection).

Read manual
Remote Connection
Remote Connection
Host Candidates

These are the local IP addresses of the devices. Host candidates represent the devices' actual network interfaces and are used for direct connections when both local and remote devices are on the same local network.

Server-Reflexive Candidates

Server-reflexive candidates are acquired through STUN (Session Traversal Utilities for NATs) servers. STUN servers reflect UDP (User Datagram Protocol) packets back to the device, allowing it to discover its external address and port visible to the internet. This helps in establishing communication with devices outside the local network, overcoming NAT barriers.

Relay Candidates

Relayed candidates are obtained through a TURN (Traversal Using Relays around NAT) server. In cases where direct communication is not possible due to restrictive firewalls or symmetric NAT, devices can use a relay server to relay their data through a third-party server. TURN candidates help in establishing communication when other methods fail.

Standard Connection

When a Standard Connection is used, all data traffic, including both the Control Channel and the remote desktop data stream, is relayed through an ISL Conference Proxy (ICP) server. The ICP cannot decrypt the session content; it simply transfers packets from one side to the other.

User Management

Manage Your Users Centrallylink

Read manual

ISL Online enables simple and secure user management by integrating with external user directories such as Microsoft Active Directory, NetIQ eDirectory, LDAP, or RADIUS, or by relying on identity providers (IdPs) like Microsoft Entra ID (formerly Azure AD), or Okta. These providers manage user identities, credentials, and access rights.

User Management

Single Sign-On (SSO/SAML)link

Eligible users (administrators) can configure a Single Sign-On (SSO) method that allows users from their organizations to securely authenticate and log into their ISL Online accounts through third-party SSO identity providers (e.g., Microsoft Entra ID, Okta) via the secure SAML 2.0 protocol.

Read manual
SSO
Intranet (LAN-only) Configuration

Many large organizations rely on ISL Online solely within a local area network (LAN), ensuring seamless technical support to employees across multiple locations while keeping everything within their internal network.

Brute Force Intrusion Protection

ISL Online servers enhance security by preventing brute force attacks through limiting the number of failed login attempts for a user or specific address within a set period. Additionally, you can restrict login attempts to specific time frames, further safeguarding your system.

Reverse Proxy Support

ISL Online allows you to install the server behind a reverse proxy, eliminating the need to expose it directly to the internet. This setup enables you to place your reverse proxy in an internet-facing DMZ while keeping your ISL Conference Proxy (ICP) server safely hidden within a non-public subnet, protecting your sensitive infrastructure from external threats.

Read manual
Compliance

Environmental, Social, and Governance (ESG)link

ISL Online (XLAB) is committed to complying with all applicable laws and regulations, adhering to our code of conduct, and aligning with our corporate social responsibility and sustainability policies.

Download ISO 27001:2022 certificate
End-to-End Encryption (E2EE)
ISO 27001

ISL Online complies with ISO/IEC 27001:2022, the global standard for information security management systems (ISMS). This certification demonstrates our commitment to managing data security risks, ensuring that we follow best practices and principles to protect your data comprehensively.

HIPAA

ISL Online software is suitable for companies and organizations that need to adhere to strict HIPAA (Health Insurance Portability and Accountability Act) requirements. A dedicated data protection team can assist you with the documentation and tests required to demonstrate compliance.

ISO 14001

ISL Online is committed to complying with European environmental laws and the ISO 14001 standard to preserve the environment for future generations. Our software enables users to reduce travel by working remotely, thereby minimizing their environmental impact.

GDPR

At ISL Online, we respect the privacy of our website visitors and clients who use our products and services. We provide our users with high-quality, secure and reliable remote desktop software under the GDPR regulation, taking into consideration all of its privacy requirements.

Accessibility

Our products and services are designed to be inclusive, with built-in accessibility features aligned with WCAG 2.0 guidelines to enhance usability and functionality for all users.

Compliance

Industry Standards Compliancelink

We implement numerous safeguards and features for user privacy rights and ensure data handling aligns with the highest industry standards.

Data Minimization

The content of remote desktop sessions is always encrypted end-to-end and is NOT stored on ISL Online's servers. The servers solely relay data between the local and remote computers.

Verified Data Centres

ISL Online's master servers are located within the European Union in ISO 27001-certified data centers, while sessions are relayed by servers hosted in professional data centers around the globe.

Security Audits and Penetration Testing

Independent security audits and penetration tests of the ISL Online system are conducted regularly, demonstrating that ISL Online is a trustworthy service with a very high level of security.

Incident Management System

The Incident Management System (IMS) helps us maintain continuous service levels, measure IT service availability, document undesired events, and reduce their recurrence.

Security Features

Security Measures at a Glancelink

We have pulled together a short list of security measures and features a remote desktop provider should use to guarantee a high level of security.

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is an extra layer of security to protect your ISL Online account. When 2FA is enabled, users must provide a second factor (a one-time passcode) in addition to their password to log in successfully. Various methods are available, including phone, email, authentication apps, and FIDO U2F security keys by Yubico.

  • Additional security layer
  • Phone, email, authentication apps, and YubiKeys
Read manual
2FA

Port Filtering

ISL Online seamlessly integrates with your firewall, requiring no additional configuration. It automatically initiates outgoing connections through ports 7615, 80, or 443. When a direct connection is available via STUN/TURN, connections use arbitrary UDP ports.

  • Firewall configuration
  • Optimized connectivity
Read manual
Port Filtering

Allow / Deny List

Prevent any misuse of remote desktop software in your company by creating allow and deny lists, which restrict the use of ISL Online software within your organisation. You are able to limit the data access to ISL Online servers based on the IP and/or MAC addresses.

  • Email notifications
  • Controlled access
Read manual
2FA

Restriction of Features

With ISL Online, the account admin can assign its domain users different rights and limitations, including allowing or disabling access to specific computers. For each individual user you can also set a maximum number of concurrent sessions, disable rights to use audio, video, remote printing, file transfer, and desktop sharing.

  • Scheduled sessions
  • User rights and permissions
2FA

Logs and Accountability

ISL Online allows IT administrators to track which systems were accessed and review the metadata of each remote desktop connection. Detailed records are available for every session, providing information such as IP addresses, timestamps, and more.

  • User identification
  • Audit users' activities
2FA
Proactive Protection

Customer Protection Systemlink

ISL Online's Customer Protection System (CPS) is designed to proactively identify suspicious remote connection activities and protect users from potentially harmful actions. However, it's important to remain vigilant, understand the risks, and recognize the signs of a scam to protect yourself effectively.

Misuse prevention
Passwords

Customizable Password Policylink

By default, ISL Online's password security policy is based on the latest NIST (National Institute of Standards and Technology) specifications. Additionally, ISL Online allows you to fully customize your password policy, either globally or on a per-user basis, to meet stricter security standards. ISL Online does not store passwords in plain text; instead, it uses salted password hashing to protect passwords stored in user account databases.

Read manual
Account Password

The account password is set when you create an account with ISL Online. It is used to log into ISL Online's desktop app, mobile app, or web portal. We recommend protecting your account password with two-factor authentication (2FA).

Main Access Password

The main access password is set during the installation of the remote access agent (ISL AlwaysOn) and is used to connect to a remote computer.

Connection Password

If you are sharing a computer or a computer group with multiple users, you should set separate connection access passwords for each user.

One-Time Password

You may choose to generate a list of one-time passwords for accessing a remote computer.

Access Passwords
Security Statement

Learn More About ISL Online Securitylink

Download security statement

Try 15 Days For Free

Enjoy your new remote desktop experience!

No risk, no obligation.