AdminByRequest Security FAQ
AdminByRequest Security FAQ
Section titled “AdminByRequest Security FAQ”Data Transfer and Storage
Section titled “Data Transfer and Storage”How is data transferred to the cloud service?
Section titled “How is data transferred to the cloud service?”Data transfer to the AdminByRequest cloud service is fully explained in our comprehensive documentation. Please also refer to our Service Level Agreement (SLA) in the admin portal for detailed service commitments.
For more information on how Admin By Request meets its compliance obligations and helps your organization do the same, refer to our compliance documentation.
Access Control and Visibility
Section titled “Access Control and Visibility”Who can see devices in my tenant?
Section titled “Who can see devices in my tenant?”The only people who can see devices in your tenant are the primary login that was first used to register with Admin By Request and the users listed in the portal under Logins > User Logins.
Tenant Isolation Features
Section titled “Tenant Isolation Features”| Security Feature | Implementation | Protection Level |
|---|---|---|
| Unique Installer Files | Each tenant receives uniquely signed installers | Prevents cross-tenant device registration |
| License-Based Access | License files apply only to specific tenant installers | Ensures strict tenant separation |
| Platform Coverage | Single license covers Windows, macOS, Linux, and Server clients | Consistent security across all platforms |
| Real-Time Inventory | Only devices from your tenant appear in your inventory | Complete visibility control |
Multi-Tenant Security
Section titled “Multi-Tenant Security”| Aspect | Security Mechanism | Business Impact |
|---|---|---|
| Data Isolation | Complete separation of tenant data | Prevents data leakage between organizations |
| Access Control | Role-based permissions within tenant | Granular control over who can view devices |
| Authentication | Secure login credentials per tenant | Ensures only authorized access |
| Audit Trail | Complete logging of all access attempts | Security monitoring and compliance |
Network Configuration
Section titled “Network Configuration”Which IP addresses are endpoints communicating with?
Section titled “Which IP addresses are endpoints communicating with?”Admin By Request uses port 443 and specific IP addresses and URLs that need access through firewalls.
API Connectivity Requirements
Section titled “API Connectivity Requirements”| Data Location | IP Address | DNS Endpoints |
|---|---|---|
| Europe | 104.45.17.196 | api1.adminbyrequest.com macapi1.adminbyrequest.com linuxapi1.adminbyrequest.com |
| USA | 137.117.73.20 | api2.adminbyrequest.com macapi2.adminbyrequest.com linuxapi2.adminbyrequest.com |
Remote Access Requirements
Section titled “Remote Access Requirements”If you wish to remotely access endpoints using Unattended Access and Remote Support:
| Service | Port | Endpoints |
|---|---|---|
| MQTT Broker Connectivity | 8883 | FastTrackHubEU1.azure-devices.net FastTrackHubUS1.azure-devices.net |
| Unattended Access | 3389 | RDP needs to be enabled on the device |
Privilege Management
Section titled “Privilege Management”How do I let users keep full access, but log what they do?
Section titled “How do I let users keep full access, but log what they do?”Allowing your users to retain full access rights is equivalent to turning off all Admin By Request’s protections.
Important Security Warning: Turning off everything effectively means giving users back their local admin rights. Think about this carefully before doing it.
Configuration for Logging-Only Mode
Section titled “Configuration for Logging-Only Mode”To turn off everything except logging actions to the Auditlog, follow these steps:
| Setting | Configuration | Result |
|---|---|---|
| Authorization | Turn On Allow Run As Admin and Turn Off all other toggles | Users can run as admin but other protections disabled |
| Authorization | Turn On Allow Admin Sessions and Turn Off all other toggles | Users can have admin sessions but no other restrictions |
| Access Time | Set Access time (minutes) to a large number covering most of the day (e.g., 480 minutes = 8 hours) | Extended admin access duration |
| Lockdown | Turn Off Revoke admin rights | Users maintain their admin privileges |
Note: For more information, refer to Windows Settings documentation. You can also check out our video guide for a 10-minute overview on how to accommodate developers or power users.
Data Management and Privacy
Section titled “Data Management and Privacy”Which data is collected?
Section titled “Which data is collected?”Data collection practices are fully explained in our comprehensive documentation. Please also refer to our SLA in the admin portal for detailed service commitments.
For more information on how Admin By Request meets its compliance obligations and helps your organization do the same, refer to our compliance documentation.
How do you store the data?
Section titled “How do you store the data?”Data storage practices are fully explained in our comprehensive documentation. Please also refer to our SLA in the admin portal for detailed service commitments.
For more information on how Admin By Request meets its compliance obligations and helps your organization do the same, refer to our compliance documentation.
Compliance and Regulatory Support
Section titled “Compliance and Regulatory Support”What regulatory frameworks do you support?
Section titled “What regulatory frameworks do you support?”Admin By Request can help you comply with a number of regulatory frameworks, including GDPR, ISO 27001, NIST SP 800-53, DORA and NIS2. We continually assess frameworks for compatibility and use their requirements as one of the inputs to our development process.
| Regulation | AdminByRequest Support | Key Features |
|---|---|---|
| GDPR | Full compliance support | Data protection, audit trails, consent management |
| ISO 27001 | Comprehensive controls | Security management, risk assessment, continuous monitoring |
| NIST SP 800-53 | Complete framework support | Federal security controls, continuous monitoring |
| DORA | Digital operational resilience | Risk management, incident response, digital security |
| NIS2 | Network and information security | Incident reporting, security measures, risk management |
Refer to our compliance documentation for more information.
Are you fully GDPR compliant?
Section titled “Are you fully GDPR compliant?”Yes. For more information on how Admin By Request meets its compliance obligations and helps your organization do the same, refer to our compliance documentation.
Integration and Communication
Section titled “Integration and Communication”Which IP addresses are used to send webhooks?
Section titled “Which IP addresses are used to send webhooks?”The following IP addresses are used to send webhooks:
| Data Location | IP Addresses |
|---|---|
| Europe | 104.40.134.41 and 40.91.214.18 |
| USA | 13.90.244.80 and 40.121.45.3 |
Which IP addresses are used to send notification emails?
Section titled “Which IP addresses are used to send notification emails?”All emails are sent from noreply@fasttracksoftware.com. We use Twilio SendGrid to send emails and the dedicated IP address is: 149.72.185.15.
Security Features and Incident Response
Section titled “Security Features and Incident Response”Can Admin By Request help with stolen computers?
Section titled “Can Admin By Request help with stolen computers?”Yes. AdminByRequest provides several features to assist with stolen computer recovery:
| Recovery Feature | Implementation | Business Value |
|---|---|---|
| Location Tracking | Public IP address captured when stolen computer boots | Provides location data for law enforcement |
| Automatic Reporting | Inventory data uploaded transparently without user login | Immediate tracking when computer is powered on |
| IP Address Logging | Upload time and public IP address visible in client view | Evidence for police investigation |
| ISP Information | Police can obtain owner details from ISP | Facilitates recovery efforts |
Process: Once a stolen machine is booted and communicates with the Inventory, the public IP address of the thief’s router becomes available. The endpoint client does not require anyone to log on to a computer to upload data, so when the thief simply turns on the computer, inventory data is sent transparently. You can now see the public IP address and upload time in your client view and give this to the police.
Security Vulnerability Management
Section titled “Security Vulnerability Management”Have you published any CVEs for Admin By Request?
Section titled “Have you published any CVEs for Admin By Request?”Yes, we have published two CVEs in 2019. These were found by Improsec in September 2019 in the production version 6.1. We notified our customers and released version 6.2 on October 11th 2019 with fixes for these two vulnerabilities.
| CVE Details | Discovery | Resolution |
|---|---|---|
| Two CVEs (2019) | Found by Improsec in September 2019 | Fixed in version 6.2 released October 11th 2019 |
| Customer Notification | Immediate notification to all customers | Proactive security communication |
| Patch Deployment | Automatic update deployment | Rapid protection for all customers |
For more information, refer to our security advisories and vulnerability reports.
Note: We generally have two separate companies run penetration tests before every major release. We also get copies on a monthly basis of clean reports executed secretly by customers.
I’m a Penetration Tester - how do I contact you with findings?
Section titled “I’m a Penetration Tester - how do I contact you with findings?”Please use our contact details page to report your findings.
Note: The scope of a vulnerability has to be escalation of privileges from a non-administrator user to obtain admin rights.
Data Management and Deletion
Section titled “Data Management and Deletion”What happens when I delete a computer?
Section titled “What happens when I delete a computer?”All collected data associated with the computer is deleted.
Important Note: When a computer is deleted from the Inventory, make sure that its endpoint client software is removed. If the computer is subsequently powered on with a network connection, and the endpoint client is still installed, the computer will show up again and re-upload inventory data.
Data Deletion Process
Section titled “Data Deletion Process”| Step | Action | Result |
|---|---|---|
| Computer Deletion | Remove computer from portal inventory | Immediate data removal from portal |
| Client Removal | Uninstall endpoint client software | Prevents data re-upload |
| Verification | Confirm computer no longer appears in inventory | Complete data removal confirmed |
Security Best Practices
Section titled “Security Best Practices”Recommended Security Configurations
Section titled “Recommended Security Configurations”| Practice | Implementation | Security Benefit |
|---|---|---|
| Regular Updates | Keep client software current | Protection against known vulnerabilities |
| Network Segmentation | Restrict access to required IP addresses only | Reduced attack surface |
| Audit Log Monitoring | Regular review of privileged activities | Early threat detection |
| Access Control | Implement principle of least privilege | Minimized exposure to risks |
Incident Response Planning
Section titled “Incident Response Planning”| Component | Recommendation | Purpose |
|---|---|---|
| Monitoring | Real-time alerting for suspicious activities | Rapid threat detection |
| Documentation | Maintain current inventory and configuration data | Effective incident response |
| Testing | Regular security testing and validation | Proactive vulnerability identification |
| Recovery | Backup and recovery procedures | Business continuity assurance |
Key Takeaway: AdminByRequest maintains comprehensive security controls including data encryption, tenant isolation, regulatory compliance, and proactive vulnerability management to ensure the highest levels of security and privacy for customer data.
Conclusion
Section titled “Conclusion”AdminByRequest is designed with security as a foundational principle, implementing multiple layers of protection including data encryption, tenant isolation, comprehensive audit trails, and regulatory compliance support. Our commitment to transparency is demonstrated through regular security assessments, vulnerability disclosure programs, and detailed documentation of our security practices.
The combination of robust technical controls, compliance with major regulatory frameworks, and proactive security management ensures that AdminByRequest provides a secure, reliable platform for endpoint privilege management while maintaining the highest standards of data protection and privacy.