TLS Security Updates

Deprecating TLS 1.0 and 1.1 from Lucidity systems

Lucidity has been looking to remove an older technology system from our platform (called TLS 1.0/1.1)

This process will ensure ongoing privacy of customer data and be in line with modern business compliance requirements. Like other IT providers, this platform change is designed to stop older computers and devices that are not secure from connecting to our systems and compromising your data.

Lucidity has planned the technical work and customer impact of this system change, and have put together the following information to answer any questions you may have related to the removal of TLS protocol from our systems. A lot of providers have already gone through these TLS changes over the past year. Lucidity have been carefully monitoring the impact to our clients, as some users are still using older Windows 7 computers and could be affected by this change.

Our team have been working with hardware and software vendors to source patches and updates for our customers computer equipment to ensure we can help our customers stay modern with their systems.

What is TLS?

TLS is a technology used in securing things on the internet.

It came about many years ago and has become the standard technology that providers like Microsoft and Lucidity use to secure communications between your computers and our systems.

For example, when you go to a banking website and the padlock icon comes up in your browser, that is a form of TLS/SSL security that IT systems use to keep your information exchange secure.

What is changing, and why?

Unfortunately, older versions of the TLS technology have been found to have vulnerabilities and are no longer considered safe in the industry.

IT Service providers like Lucidity need to look at removing this old protocol from our systems to ensure all our customers connect over the modern TLS versions, ensuring their data security.

There are numerous reasons to retire these old protocols which is why this change is happening right across the industry.

Will I be affected?

As of September 6, 2017, taIf you are accessing Lucidity systems on a computer that was purchased before early 2013 (8+ years old) and your computer runs Windows 7 or MAC OS X 10.11 (El Capitan) or earlier, you could have issues connecting to our services. These Operating Systems are no longer under mainstream support from their vendors, Microsoft or Apple.

Lucidity strongly recommends you use a computer with Windows 10 OS, or MAC OS X 10.9 to securely connect to Lucidity and other Internet services.

If you need to continue accessing Lucidity systems on older platforms, read on for possible solutions for your different devices.

If you access Lucidity systems from a computer running Windows 10 or a MAC running OS X 10.9 or above, you will not be affected by the TLS changes.he following Windows subscriptions include virtualization rights for dedicated as well as multitenant hardware in data centers managed by Authorised QMTH Partners.

How does this affect you?

As mentioned above, older versions of this TLS technology contain security vulnerabilities, and the industry has moved on to using newer versions of the technology without these problems.

TLS 1.0 and 1.1 have been deprecated, and now TLS 1.2 is the current standard that is compliant in the industry (TLS 1.3 is the latest version and will become the new standard).

As these 1.0 and 1.1 versions of TLS become less commonly used, most IT service providers around the world are phasing these protocols out to ensure they are as secure as they can be when hosting customer data.

Microsoft turned off their support for the older versions of TLS in October 2018, and many other IT providers have updated their systems to block the older insecure protocols.

Lucidity shut down support for the older TLS 1.0 and TLS 1.1 in Q2 2019. Certain older computers and systems that are not patched will no longer be able to access Lucidity’s Managed Desktop at this point.

Replace your computer

If you are affected by this issue, chances are your computer is 7+ years old running an old, insecure operating system. Lucidity strongly recommend you to consider replacing the old computer with a more modern machine running Windows 10. Computers of today perform almost infinitely better when compared with old computers with spinning disks.

Lucidity provide a range of options for low cost modern Windows 10 devices and can provide all levels of support with our Cloud Cover platform. Read more about options on our Hardware page.

Talk to your Lucidity Account Manager, we have plenty of options around replacing computers including renting or leasing devices.

Managed Desktop Web Access

Lucidity have made available a web browser version of our Managed Desktop client access solution. This allows you to launch Managed Desktop inside a tab in your web browser (as opposed to the usual connection method using the Remote Desktop Client). The solution does have some limitations compared to the full Remote Desktop client, but it is there as an alternative solution to access the desktop if required. If you want to try this option, reach out to your Lucidity Account Manager.
Contact Us

Patches for Windows 7

In the first instance, Lucidity strongly suggests either updating your existing computer to Windows 10, or replacing your computer with a modern Windows 10 device.  This will ensure that you have no problems with security around TLS.

If you are still running Windows 7 on your PC, there are patches available to apply to your machine to make it comply with industry wide TLS changes.  This is a positive workaround for companies with old computers, but does not safeguard against further changes around security; it is still the best protocol to be running Windows 10 on your computer.

For Windows 7 patches, please refer to the below links:

Prerequisite Hotfix – Needs to be installed before the RDP 8.0 update KB below

Adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1
Update for Windows 7 for x64-based Systems (KB2574819)    – x64 Version
https://www.microsoft.com/en-us/download/details.aspx?id=35391  – x86 Version

Remote Desktop Protocol (RDP) 8.0 update for Windows 7 and Windows Server 2008 R2 – KB2592687

Remote Desktop Protocol (RDP) 8.0 update for Windows 7 and Windows Server 2008 R2
Update for Windows 7 for x64-based Systems (KB3080079)   – x64 Version
Update for Windows 7 (KB2592687) – x86 Version

Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2 – KB3080079

Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2
Microsoft®Update Catalog (kb3140245)

Once your Windows 7 machine is patched, this utility needs to be run to disable the older TLS protocols:

Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows

Having trouble?

Contact a Lucidity representative for assistance

Contact a representative

References

Here are links to other system vendors who have announced updates to their TLS security.
If you use these services along with Lucidity services, there may be more information that  relates to your scenario within these reference articles.

 

If you are in doubt about any of this, please contact Lucidity and we can help you with a solution.

Contact a representative