Hosted Help Desk Security
Question:
We are hosted client and looking to expand our usage of JitBit.
How should we be thinking about security of content stored in JitBit on our account. Obviously, if a user/technician/administrator id/password is obtained, access to the underlying data in JitBit is available. However, how is the data/content in JitBit protected from web spiders, bots, worms and hackers that are able to, basically, vacuum up data from websites. I would not want our hosted content in JitBit to be searchable and/or accessible.
Answer:
No data is accessible in the Helpdesk app without being authenticated with a login/password combination (except for the KB base which is publicly available, if you allow this in the settings). If a bot/worm tries to "guess" a password combination - the app detects this and blocks the IP address for 20+ minutes, which makes it impossible to "brute-force" a password combination (it will take literally years to guess it).
We also have an attack-detection mechanism, that spots dangerous HTTP-requests (containing XSS-scripts or SQL-injection attempts, uploading suspicious files etc.) which also block suspicious users IP addresses. On top of that we are also protected by CloudFlare CDN which adds an extra layer of security, we're paying them for an "enterprise" pricing plan ( https://www.cloudflare.com/ )
We are hosted client and looking to expand our usage of JitBit.
How should we be thinking about security of content stored in JitBit on our account. Obviously, if a user/technician/administrator id/password is obtained, access to the underlying data in JitBit is available. However, how is the data/content in JitBit protected from web spiders, bots, worms and hackers that are able to, basically, vacuum up data from websites. I would not want our hosted content in JitBit to be searchable and/or accessible.
Answer:
No data is accessible in the Helpdesk app without being authenticated with a login/password combination (except for the KB base which is publicly available, if you allow this in the settings). If a bot/worm tries to "guess" a password combination - the app detects this and blocks the IP address for 20+ minutes, which makes it impossible to "brute-force" a password combination (it will take literally years to guess it).
We also have an attack-detection mechanism, that spots dangerous HTTP-requests (containing XSS-scripts or SQL-injection attempts, uploading suspicious files etc.) which also block suspicious users IP addresses. On top of that we are also protected by CloudFlare CDN which adds an extra layer of security, we're paying them for an "enterprise" pricing plan ( https://www.cloudflare.com/ )
Get help for this page
Jitbit HelpDesk