Go to All Forums

Security Update - Detailed Update on Intelligence X Tweet

Greetings,

We recently had one of our users raise a few security concerns in Twitter. We consider this an opportunity and our responsibility to detail all our customers about that discussion and further talk about all our security related updates here.

We, at Site24x7, always give the utmost importance to our product security. We have been working on various security features and safeguards to ensure our customer data is secure and no unauthorized access takes place.

Security at the Site24x7 Control Panel (account-level):

At an overall Site24x7 Control Panel, you can enable the Two Factor Authentication (TFA) or Multi Factor Authentication (MFA) to protect the Site24x7 account and ensure no unauthorized access is made to the Site24x7 account.

In addition to this, we also provide options to set IP range restrictions to allow access to the Site24x7 account from within your organization network IPs. The downside of this is, you need to be in your organization network physically or access via a VPN. 

Security for the Site24x7 Server Monitoring agent:

As part of the agent-based approach, we take utmost care in the security of the user environment. The Site24x7 Server Monitoring agents communicate with our data center only via one way outbound HTTPS requests and do not accept any incoming requests. This way, the agent is secured with no contact being made from the cloud systems or from other devices on the network.

The outbound access too can be audited/tracked by forcing the agent to use a proxy to connect to the internet.

Security in place for Site24x7 IT Automation:

IT Automation in Site24x7 Server Monitoring allows you to run a script (shell) based on a threshold breach. We allow uploading a script. This is convenient. However, it is important to understand that this capability is present in Site24x7. The IT Automation feature can be added only by a user with Site24x7 Super Admin/Admin privileges.

On the agent side, we do checksum validations when downloading the IT Automation scripts to ensure integrity.

Further, we are now reworking our agent to split the core monitoring library and automation module library separately. This way, users can exclude IT Automation completely on the agent side. The newer agent should be available soon and will be updated in this thread. 

Security for Site24x7 Network Monitoring:

Our Network Monitoring  feature, part of the On-Premise Poller module, includes Network Performance Monitoring, Bandwidth & Traffic Analysis, Configuration Management, IP Address & Switch Port Management, OpUtils, and Log Analysis. Network monitoring uses an agentless approach to access other devices on the network for monitoring. Network monitoring uses the ports - 8060, 13306, 22 SSHD, 69 TFTP, and 514 Syslog. By default, we now enable all the ports, irrespective of the features used. We are working on restricting this.

Security updates in the last 16 months:

Our team has been consistently working to provide a secured monitoring tool for your IT environment. We will also be adding on the security fixes and enhancements we have done in the last 16 months in this thread shortly. 

Bug bounty program: (Updated)
A brief of the various security aspects of our data center and overall security processes can be found in our security page. We also work and encourage security researchers and ethical hackers to report issues to our bug bounty program.

Let us know for questions, if any, in the below thread.

 

Regards,

Mathangi
 

(Updated on July 12, 2021 for clarity.)

Like (4) Reply
Replies (1)

Hi,

We have upgraded our On-Premise Poller JRE version from Open JDK 8 to Open JDK 11.0.11

For existing agents, please ensure the auto-upgrade option is enabled to automatically upgrade to the new version. The upgrade will take place in a few days. 

 

Regards,

Mathangi

Like (0) Reply

Was this post helpful?