Why Syspeace uses SHA-2 and important notes for Windows Server 2003 users

As of today, September 2, 2016, we have switched to using a SHA-2 SSL/TLS certificate for this web site, our Syspeace Licenses site used to manage and purchase licenses, as well as our backend server used by the Syspeace application. The SHA-2 hash algorithm is a newer and more robust hash algorithm than SHA-1, as previously used – SHA-1 has been globally deprecated for years, and since the beginning of 2016, no new SHA-1 certificates are issued by trusted Certificate Authorities.

SHA-2 is unsupported in Windows Server 2003 and 2003 R2, leading to the following:

  • Syspeace users on Windows Server 2003 will have to upgrade to a special Windows Server 2003 variant of Syspeace 2.6 that uses a self-signed, privately issued SHA-1 certificate to maintain the current functionality. This version, along with a special information page, has been available for weeks and we have contacted the affected Syspeace users with this information.
  • Access to any of the affected web sites may be restricted from the versions of Internet Explorer compatible with Windows Server 2003. We recommend using an alternative browser like Chrome or Firefox, or a different computer.

For these reasons, the renewal to the new certificate was done at the last moment (our previous certificate expires on September 3, 2016), to give our customers more time to adjust.

Syspeace Windows Server 2003 Support Policy

The current major release of Syspeace (2.x) will continue to be supported on Windows Server 2003 and Windows Server 2003 R2. We may introduce major new releases of Syspeace that will not run or be supported on Windows Server 2003 and Windows Server 2003 R2.

Microsoft’s extended support for Windows Server 2003 and Windows Server 2003 R2 ended on July 14, 2015. Our recommendation is that you, if possible, run a version of Windows Server currently supported by Microsoft and install all critical security fixes.

Syspeace, SHA-2 certificates and Windows Server 2003

Recently, the SSL certificate used for syspeace.com, the Syspeace Licenses site as well as backend Syspeace services was reissued with a signature using the SHA-2 hash algorithm.

The SHA-2 hash algorithm replaces the earlier, deprecated SHA-1 and moving forward is recommended by the CA Security Council.

However, some users on Windows Server 2003 have seen issues using the new certificates, due to Windows Server 2003 as shipped not being able to work with SHA-2 certificates. For this reason, we are reissuing our SSL certificate, now again using the SHA-1 hash algorithm.

We intend to once again move to SHA-2 when it is feasible to do so.

Syspeace 2.5.0 released

Syspeace 2.5.0 introduces the new Detector Provider API for developing “detectors” that plug into Syspeace and can listen for login attempts in additional places. For more information, see the Syspeace Detector SDK.

Alongside Syspeace 2.5.0, the Syspeace reseller model has been improved for both customers and resellers.

Syspeace 2.5.0 also includes new functionality to export and import settings to cut down on configuration time and the ability to put Syspeace in a “dry run” mode by temporarily disabling blocking (useful for diagnostics or what-if scenarios).

Syspeace introduces improved reseller model

With the new reseller model, customers are free to buy licenses from the reseller of their choice, or directly from Syspeace. Customers no longer have to pick a reseller at the time of registration and are free to choose a reseller in their own time. Customers can also buy licenses from different resellers at any time or even have licenses from different resellers active simultaneously.

Resellers are also better served. Every reseller gets access to a discounted version of the same price ladder that provides progressively improving rates with volume for every Syspeace customer. New resellers can enroll directly with Syspeace and do not have to partner with a distribution agent.

For the first time, companies that manage or provide IT services to their clients can follow the same model and get the same benefits as resellers.
They may maintain separate client accounts and still get both the reseller rates and the progressively lower rates Syspeace has always offered.

The new reseller model goes into effect immediately. Existing reseller customers can continue using their licenses and may now also buy licenses from any reseller or directly from Syspeace. Customers do not have to update to the latest version of Syspeace.

We welcome our first new resellers, Italian reseller Web4People and UK reseller Hippo IT Management. They are joined by existing resellers JufCorp (serving the Swedish market) and TSYN (serving the Middle Eastern markets). For more information, see the Syspeace Reseller site. More new resellers will be introduced in the coming weeks.

Documents describing how to become a reseller are available on the Syspeace Reseller site.

IIS FTP and FileZilla Server detectors ready for beta testers

The IIS FTP detector and FileZilla Server detectors are the first of our detectors developed and released using our Syspeace Detector Provider APIs. With these detectors installed, Syspeace can react to failed and successful login attempts from the IIS FTP server (for IIS 7.0 and above) and the FileZilla FTP/SFTP Server.

If you have an IIS FTP server or FileZilla Server and are interested in beta testing, contact us.

System requirements for the IIS FTP detector

  • Syspeace 2.5.2
  • IIS 7.0 and higher
  • Logging enabled

System requirements for the FileZilla FTP/SFTP Server detector

  • Syspeace 2.5.2
  • FileZilla Server 0.9.0 or higher
  • Logging enabled

Syspeace 2.4.1 released

Syspeace 2.4.1 fixes an issue where IP addresses can be mixed up (the IP address is taken from another row) in tables in logs in the administrative interface. In addition, the interface for editing the local blacklist and whitelist has been improved to allow selecting and deleting multiple entries.