Setting up your own cloud instance (relay server).

mirillis

Administrator
Staff member
After setting up your Docker instance, please edit the "custom relay" fields in your admin panel.
 

ZaInT

New member
Will test it out later today / tomorrow; my employer's NOC flagged Remotly before they had a talk with me :D

EDIT: Still not seeing any link in the admin panel, I can add custom relays though. I am not and will not be using Docker.
 

mirillis

Administrator
Staff member
Hi ZainT! You don't need any links for the Docker version. Please use the short tutorial above (it's very simple if you have Docker already installed, just two command lines).

I guess your employer's NOC does not flag AnyDesk after the recent attack on them, where the attackers got unattended access to Samsung, Cloudflare, Atlassian and many more :p

As for security, we are again going one step further by adding TPM 2.0 for RSA4096 key generation. This way the symmetric AES256 keys will be exchanged using a machine-assigned RSA key from the TPM (Remotly will have no access to the private asymmetric key). Also, all IDs of machines added to the trusted unattended list will be encrypted using TPM 2.0, making it impossible for any third party to generate and inject their machine ID as a trusted one and gain hacked access.

We are integrating Remotly with several government institutions. Of course, they were also suspicious at first, but after several presentations they have no more objections and are switching from TeamViewer and AnyDesk to our solution.

We are also going to have Remotly security-certified by one of the major certification organizations.

We are sure that in the near future Remotly will become the most secure remote access software for home and professional use.
 

mirillis

Administrator
Staff member
Sorry ZainT! I thought you were going to use the Docker version 🫤 I will ask someone from our team to either add a link to the bare-metal version of the relay in the panel, or I will paste a link here shortly.
 

mirillis

Administrator
Staff member
As for the NOC flagging, we know that the problem exists in one place: the relay does not use an SSL/TLS certificate, as that would require a domain with a certificate just to start the relay.

The relay is just a pipe for transporting AES256-encrypted data. It has no access to the symmetric key, so attacking the relay and capturing the streamed audio/video data will not do the attacker any good.

Port 443 is used to fool most hardware firewalls, but some of them use heuristics and may block this traffic.

For this we are preparing an even more advanced solution, where you will need a domain and a wildcard certificate and will use a subdomain address instead of the IP.

So, for example, on our side we will have several public relays of, as I call it, "last resort", like:
relay-us-1.remotly.com

For others it will look like: remotly-relay.domain.com

In the panel you will enter the subdomain address of the relay assigned to your organisation, and port 443 will be used, as this will be a standard TLS connection (TLS will envelop the AES256 stream, making it encrypted twice).
 

mirillis

Administrator
Staff member
Oh, and by the way, file transfer in Remotly already uses this method. The ft.remotly.com relay is used for this and transfers files and clipboard contents end-to-end encrypted by TLS and additionally by AES256.
 

ZaInT

New member
> Hi ZainT! You don't need any links for the Docker version. Please use the short tutorial above (it's very simple if you have Docker already installed, just two command lines).
>
> I guess your employer's NOC does not flag AnyDesk after the recent attack on them, where the attackers got unattended access to Samsung, Cloudflare, Atlassian and many more :p
>
> As for security, we are again going one step further by adding TPM 2.0 for RSA4096 key generation. This way the symmetric AES256 keys will be exchanged using a machine-assigned RSA key from the TPM (Remotly will have no access to the private asymmetric key). Also, all IDs of machines added to the trusted unattended list will be encrypted using TPM 2.0, making it impossible for any third party to generate and inject their machine ID as a trusted one and gain hacked access.
>
> We are integrating Remotly with several government institutions. Of course, they were also suspicious at first, but after several presentations they have no more objections and are switching from TeamViewer and AnyDesk to our solution.
>
> We are also going to have Remotly security-certified by one of the major certification organizations.
>
> We are sure that in the near future Remotly will become the most secure remote access software for home and professional use.

Hah, they would surely flag AnyDesk too, as they have flagged AutoHotKey, TinyTask, Macrium Reflect, qBittorrent and other things. Basically everything your "regular" user doesn't use. ("They" of course being heuristics, not actual lists.)
Unfortunately, the entire company gets treated the same (and without too much info, what I do is not exactly level 1), so they rather like me personally, but they don't like dealing with the warnings coming from my user account. Actually, in my mind, the more legit software that triggers warnings, the better...

While on the subject, are you thinking about support for security keys (YubiKey in my case)?


> Sorry ZainT! I thought you were going to use the Docker version 🫤 I will ask someone from our team to either add a link to the bare-metal version of the relay in the panel, or I will paste a link here shortly.

No worries, it's easy to get things wrong (y)


> As for the NOC flagging, we know that the problem exists in one place: the relay does not use an SSL/TLS certificate, as that would require a domain with a certificate just to start the relay.
>
> The relay is just a pipe for transporting AES256-encrypted data. It has no access to the symmetric key, so attacking the relay and capturing the streamed audio/video data will not do the attacker any good.
>
> Port 443 is used to fool most hardware firewalls, but some of them use heuristics and may block this traffic.
>
> For this we are preparing an even more advanced solution, where you will need a domain and a wildcard certificate and will use a subdomain address instead of the IP.
>
> So, for example, on our side we will have several public relays of, as I call it, "last resort", like:
> relay-us-1.remotly.com
>
> For others it will look like: remotly-relay.domain.com
>
> In the panel you will enter the subdomain address of the relay assigned to your organisation, and port 443 will be used, as this will be a standard TLS connection (TLS will envelop the AES256 stream, making it encrypted twice).

Is port 443 needed, or could any port be used? I was planning on using 21, 587 and 993.
 

mirillis

Administrator
Staff member
> Hah, they would surely flag AnyDesk too, as they have flagged AutoHotKey, TinyTask, Macrium Reflect, qBittorrent and other things. Basically everything your "regular" user doesn't use. ("They" of course being heuristics, not actual lists.)
> Unfortunately, the entire company gets treated the same (and without too much info, what I do is not exactly level 1), so they rather like me personally, but they don't like dealing with the warnings coming from my user account. Actually, in my mind, the more legit software that triggers warnings, the better...
>
> While on the subject, are you thinking about support for security keys (YubiKey in my case)?

> No worries, it's easy to get things wrong (y)

> Is port 443 needed, or could any port be used? I was planning on using 21, 587 and 993.

You can use any port, of course, but from our tests 443 works in most situations. Still, some network inspection tools may be picky about the data that is sent to the relay. That's why we will add the TLS-wrapped version.
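An added example, written for this page and not part of Remotly or the posts above, that shows what the "picky" inspection heuristics mentioned in this reply and in the earlier post about port 443 actually key on. A genuine HTTPS/TLS session begins with a TLS handshake record (content type 0x16, legacy version 0x03 0x0X) carrying a ClientHello; a relay that pushes its own AES256-framed protocol over 443 without a TLS wrapper never sends that, so the first packet alone gives the stream away. The parser below reads the record and handshake headers and extracts the SNI the TLS-wrapped design would expose (for example a relay subdomain). The `RLY`-tagged relay stream, the HTTP request and the hostnames are constructed stand-ins, not captures of any real product.

```python
"""Added example: a first-packet TLS heuristic of the kind inspection boxes run on 443.

A real HTTPS/TLS connection opens with a TLS handshake record carrying a
ClientHello; a custom AES256-framed relay protocol on port 443 does not.
Not Remotly's code; every sample payload here is constructed for the demo.
"""
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: client_hello
EXT_SERVER_NAME = 0x0000  # extension type: server_name (SNI)

# Constructed stand-in for a non-TLS relay stream on 443 (not a real capture).
RELAY_SAMPLE = b"RLY\x01" + bytes.fromhex("0000002c") + bytes(range(44))
# Constructed plaintext HTTP on 443, another thing a heuristic would flag.
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"


def parse_client_hello(data: bytes) -> Optional[dict]:
    """Return {'version': int, 'sni': str | None} when `data` begins with a TLS
    ClientHello record, otherwise None. Every offset is bounds-checked so a
    truncated or hostile first packet cannot raise."""
    if len(data) < 9 or data[0] != TLS_HANDSHAKE or data[1] != 0x03 or data[2] > 0x04:
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + rec_len]
    if len(body) < 4 or body[0] != CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < 35:                          # version(2) + random(32) + sid_len(1)
        return None
    version = struct.unpack("!H", hello[0:2])[0]
    pos = 34
    pos += 1 + hello[pos]                        # skip legacy session id
    if pos + 2 > len(hello):
        return None
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # skip cipher suites
    if pos + 1 > len(hello):
        return None
    pos += 1 + hello[pos]                        # skip compression methods
    sni = None
    if pos + 2 <= len(hello):                    # extensions block is optional
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_total, len(hello))
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            edata = hello[pos:pos + elen]
            pos += elen
            # server_name_list: list_len(2) name_type(1)=0 host_name name_len(2) name
            if etype == EXT_SERVER_NAME and len(edata) >= 5 and edata[2] == 0:
                name_len = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + name_len].decode("ascii", "replace")
    return {"version": version, "sni": sni}


def build_client_hello(sni: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello (one cipher suite, SNI only),
    used here only to feed the parser; real clients send far more."""
    host = sni.encode("ascii")
    sni_ext = (struct.pack("!HH", EXT_SERVER_NAME, len(host) + 5)
               + struct.pack("!HBH", len(host) + 3, 0, len(host)) + host)
    hello = (struct.pack("!H", 0x0303) + b"\x00" * 32 + b"\x00"   # version, random, empty sid
             + struct.pack("!H", 2) + b"\xc0\x2f"                   # one cipher suite
             + b"\x01\x00"                                          # compression: null only
             + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def classify(first_bytes: bytes) -> str:
    """The heuristic itself: a 443 flow that does not open with a ClientHello is suspect."""
    ch = parse_client_hello(first_bytes)
    if ch is not None:
        return f"tls-clienthello sni={ch['sni']}"
    return "non-tls on 443 (inspection heuristics may flag this)"


if __name__ == "__main__":
    for label, sample in [("relay stream", RELAY_SAMPLE), ("plain http", HTTP_SAMPLE),
                          ("tls-wrapped relay", build_client_hello("remotly-relay.domain.com"))]:
        print(f"{label:18} -> {classify(sample)}")
```

The parser deliberately stops at the first record: that is all a middlebox has when it decides whether to let a 443 flow through, and it is also why wrapping the relay in standard TLS on a real subdomain changes what the box sees without changing the AES256 layer underneath.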
 