This post features our November and December releases.
We know you’d rather be spending your time drinking eggnog by the fire instead of reading about Boring security, but here we go anyways.
For those of you focused on cyber-security this is our gift to you this holiday season.
Our Winter Release puts enterprise and government security optimizations in the limelight and will provide greater flexibility in securing your Milestone / Boring Lab deployments.
Both Boring Toolbox client and server complete have received an upgrade to XProtect 2020 R3 SDK.
With this new version of SDK we now have the ability to be FIPS 140-2 compliant and support end to end encrypted deployments of Milestone XProtect.
Upgrading to 2020 R3 SDK brought with it some other necessary upgrades to the Boring Toolbox Client:
Aside from being necessary, these upgrades will introduce slight performance and security optimizations to the application.
The one super tiny downside of the 64-bit move is that existing users of the Boring Client will be required to re-license the Boring Toolbox Client again. We tried to find a solution around this but alas, there was none to be found.
For you admins who have decided to protect your XProtect installations with certificates and end to end encryption, including both the management and recording servers, rejoice!
With the upgrade to the new XProtect SDK we now support Milestone XProtect deployments that are encrypted with certificates.
This allows you to realize all the time savings and efficiencies of Boring Toolbox but with the security of an enterprise grade, encrypted VMS.
Our original release of scheduled reports only allowed for the reports to be downloaded via http. By popular demand, you now have the option to turn on HTTPS on when downloading your scheduled reports so that they are not transferred openly on the network.
This is still an option and you will need to provide your own SSL certificate to avoid clicking through a security warning.
While all versions of the Boring Toolbox have always supported TLS 1.2, where available, our most recent optimizations will force the use of the highest level of encryption available on the IIS server.
That means that if TLS 1.2 is configured on IIS we will use that or if, in the future, TLS 1.3 comes out, we will use that.
While sensitive data at rest has always been encrypted, the winter release now supports industry-standard AES-256 encryption throughout.
“In fact, 2256 is 2128 times bigger than 2128.”
In a 1Password blog from 2013 the author breaks down how doubling the key length from 128-bit to 256 -bit makes it nearly impossible for someone to decrypt your data.
To meet the needs of enterprise and government customers required to comply with FIPS 140-2, we have made necessary optimizations that will allow the Boring Toolbox to meet FIPS requirements.
These developments include the features listed above. The result allows our customers to use the Boring Toolbox on Windows systems with FIPS 140-2 compliant mode enabled.
We added additional validations for Hanwha and Samsung password complexity, now requiring the following:
One request we had often was having our Boring Toolbox licenses apply to the whole machine instead of per user.
Since updating to 64-bit required a re-licensing of the Boring Toolbox we took this opportunity to update the license so that it applies to any user that logs into the machine instead of per each user.
Your go-to XProtect eXPerts. We learn the technical stuff that will save you time and make it less boring.
Your go-to XProtect eXPerts. We learn the technical stuff that will save you time and make it less boring.
Don't have Boring Toolbox yet?
Getting Started with The Boring Toolbox #3: Learn about the various health monitoring insights and features you will find on…
Getting Started #2: Learn how to configure your parent and managed sites as well as connect Boring to Milestone XProtect…
Getting Started #1: This tutorial will teach you how to install The Boring Toolbox on your server and client.
Subscribe to get a monthly dose of security & surveillance industry news and insights, Milestone VMS time-saving tricks, tips for hacking your way out of boring work sent directly to your inbox!
