Over the coming months, Lucidity will be looking to remove an older technology system from our platform (called TLS 1.0/1.1).  This will ensure ongoing privacy of customer data and be in line with modern business compliance requirements.  Like other IT providers, this planned platform change is designed to stop older computers and devices that are not secure from connecting to our systems and compromising your data.

Lucidity have been planning the technical work and customer impact of this system change and have put together the following information to answer any questions you may have related to the removal of TLS protocol from our systems. A lot of providers have already gone through these TLS changes over the past year.  Lucidity have been carefully monitoring the impact to our clients, as some users are still using older Windows 7 computers and could be affected by this change.

Our team have been working with hardware and software vendors to source patches and updates for our customers computer equipment to ensure we can help our customers stay modern with their systems.  You can read more information below about these TLS changes, why they are needed and how this affects you and your business.

What is TLS?

TLS is a technology used in securing things on the internet.

It came about many years ago and has become the standard technology that providers like Microsoft and Lucidity use to secure communications between your computers and our systems.

For example, when you go to a banking website and the padlock icon comes up in your browser, that is a form of TLS/SSL security that IT systems use to keep your information exchange secure.

 

Whats changing, and why?

Unfortunately, older versions of the TLS technology have been found to have vulnerabilities and are no longer considered safe in the industry.

IT Service providers like Lucidity need to look at removing this old protocol from our systems to ensure all our customers connect over the modern TLS versions, ensuring their data security.

There are numerous reasons to retire these old protocols which is why this change is happening right across the industry.

At the bottom of this page, we provide links to other providers making these changes to help you understand if your local computer equipment is affected by these changes.

How does this affect you?

As mentioned above, older versions of this TLS technology contain security vulnerabilities, and the industry has moved on to using newer versions of the technology without these problems.

TLS 1.0 and 1.1 have been deprecated, and now TLS 1.2 is the current standard that is compliant in the industry.

As these 1.0 and 1.1 versions of TLS become less commonly used, most IT service providers around the world are phasing these protocols out to ensure they are as secure as they can be when hosting customer data.

Microsoft turned off their support for the older versions of TLS in October last year, and many other IT providers have updated their systems to block the older insecure protocols.

Lucidity are aiming to shut down support for the older TLS 1.0 and TLS 1.1 in Q2 2019 (April 2019 – July 2019).  Certain older computers and systems that are not patched will no longer be able to access Lucidity’s Managed Desktop at this point.

Lucidity have been actively researching solutions to help our customers transition to compliant systems before we make this system wide change.

 

Will I be affected?

If you are accessing Lucidity systems on a computer that was purchased before early 2013 (6+ years old) and your computer runs Windows 7 or MAC OS X 10.11 (El Capitan) or earlier, you could have issues connecting to our services.  These Operating Systems are no longer under mainstream support from their vendors, Microsoft or Apple.

Lucidity strongly recommends you use a computer with Windows 10 OS, or MAC OS X 10.9 to securely connect to Lucidity and other Internet services.

If you need to continue accessing Lucidity systems on older platforms, read on for possible solutions for your different devices.

If you access Lucidity systems from a computer running Windows 10 or a MAC running OS X 10.9 or above, you will not be affected by the TLS changes.

What should I do if I think I may be affected?

Lucidity have been monitoring the users connecting to our system and can see that older non updated computers are still connecting to our systems.  This is why we haven’t pushed ahead and made these changes already.  Lucidity engineers have been looking into solutions to help our customers overcome this issue.

 

Patches for Windows 7

In the first instance, Lucidity strongly suggests either updating your existing computer to Windows 10, or replacing your computer with a modern Windows 10 device.  This will ensure that you have no problems with security around TLS.

If you are still running Windows 7 on your PC, there are patches available to apply to your machine to make it comply with industry wide TLS changes.  This is a positive workaround for companies with old computers, but does not safeguard against further changes around security; it is still the best protocol to be running Windows 10 on your computer.

For Windows 7 patches, please refer to the below links:

Prerequisite Hotfix – Needs to be installed before the RDP 8.0 update KB below

https://support.microsoft.com/en-nz/help/2574819/an-update-is-available-that-adds-support-for-dtls-in-windows-7-sp1-and
http://www.microsoft.com/downloads/details.aspx?familyid=d720764e-215d-4805-b27e-1a14c8a86c39    – x64 Version
http://www.microsoft.com/downloads/details.aspx?familyid=c2deef22-bfd1-43f6-b554-ae15c902d0f4       – x86 Version

Remote Desktop Protocol (RDP) 8.0 update for Windows 7 and Windows Server 2008 R2 – KB2592687

https://support.microsoft.com/en-us/help/2592687/remote-desktop-protocol-rdp-8-0-update-for-windows-7-and-windows-serve
https://www.microsoft.com/en-us/download/details.aspx?id=49061   – x64 Version
https://www.microsoft.com/en-us/download/details.aspx?id=35393   – x86 Version

Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2 – KB3080079

https://support.microsoft.com/en-nz/help/3080079/update-to-add-rds-support-for-tls-1-1-and-tls-1-2-in-windows-7-or-wind
http://www.catalog.update.microsoft.com/search.aspx?q=kb3140245
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu   – x64 Version
http://download.windowsupdate.com/c/msdownload/update/software/updt/2016/04/windows6.1-kb3140245-x86_cdafb409afbe28db07e2254f40047774a0654f18.msu   – x86 Version

 

Once your Windows 7 machine is patched, this utility needs to be run to disable the older TLS protocols:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi#easy

 

Managed Desktop Web Access

Lucidity have made available a web browser version of our Managed Desktop client access solution.  This allows you to launch Managed Desktop inside a tab in your web browser (as opposed to the usual connection method using the Remote Desktop Client).  The solution does have some limitations compared to the full Remote Desktop client, but it is there as an alternative solution to access the desktop if required.

If you would like to try this solution, and you are a Managed Desktop client, you can click here to launch this Web Access Client solution using your normal credentials.  If you want to understand this option more, reach out to your Lucidity Account Manager.

 

Replace your Computer

If you are affected by this issue, chances are your computer is 7+ years old running an old, insecure operating system.  Lucidity strongly recommend you to consider replacing the old computer with a more modern machine running Windows 10.  Computers of today perform almost infinitely better when compared with old computers with spinning disks.

Lucidity provide a range of options for low cost modern Windows 10 devices and can provide all levels of support with our Cloud Cover platform.  Read more about options on our Hardware page.

Talk to your Lucidity Account Manager, we have plenty of options around replacing computers including renting or leasing devices.

References

Here are links to other system vendors who have announced updates to their TLS security.
If you use these services along with Lucidity services, there may be more information that  relates to your scenario within these reference articles.

 

If you are in doubt about any of this, please contact Lucidity and we can help you with a solution.