Security is always a concern for us and our clients, and we're always asked on the forum to implement new features to enhance security. In ScreenConnect 4.4, we've rolled out the ability to use a more intelligent, granular timeout capability to reduce the chance of your site being compromised. We've also made the IP Security module included out of the box (this was an optional modification previously). This module allows admins to restrict access to certain resources (primarily the host and admin pages) to certain IPs.
You can download the pre-release of ScreenConnect 4.4 here.
The need: time out inactive hosts/admins to decrease the chance of those resources being compromised. In addressing this, we decided that the general, all-encompassing timeout idea wouldn't fit the the typical usage model. A higher threshold of security would probably be necessary for the admin page, depending on the user's configuration. Thus we introduce resource-specific timeouts.
In the web.config file, you can adjust a few new keys on a per-page level. Take note of "MaxLongestTicketReissueIntervalSeconds," which allows us to set, in seconds, how long the user can remain idle (including mouse activity) while on this resource (in this case, Administration.aspx):
<add key="MaxLongestTicketReissueIntervalSeconds" value="1800" />
<add key="MinAuthenticationFactorCount" value="0" />
<add key="RestrictToIPs" value="" />
<add key="BlockIPs" value="" />
As you can see, we've included other security features out of the box to give you more flexibility while protecting each resource -- restrict access to a certain page by the user's IP, blocking IPs, etc.