We understand how important security and reliability are when it comes to keeping your business operations safe and always running. That’s why Issuetrak is loaded with built-in security measures that address a variety of vulnerabilities common to web-based applications.
cloud reliability + infrastructure
Reliability and security are important aspects of any successful business. As a business partner, we value the data and security of our customers. We leverage world-class hosting facilities provided by Amazon Web Services to deliver the best possible web experience to our customers.
- Physical access is routinely audited
- Authorized employees are challenged with two-factor authentication at least twice before being provided access to data center floors
- Around-the-clock interior and exterior surveillance
- Intrusion detection systems
- Unmarked facilities to help maintain a low profile
- Physical security audited by an independent firm
- Data centers are fed power via different grids from independent utilities
- N+1 redundant UPS power subsystem with on-site generators
- N+1 redundant HVAC system
- Advanced fire suppression systems
- Multiple network paths with multiple service providers
- Regularly exceeds 99.96% uptime
system security and monitoring
- Website, ping, and port monitoring
- Server vital statistic monitoring (CPU, Memory, Disk, Network)
- SQL Server error severity alerts
- Windows Event Viewer alerts
- System Auditing
- Transport Layer Security (TLS, the successor to SSL) encryption enforced on all sites
- Monitoring/security information restricted to limited authorized personnel
- Server event auditing
- Physical database integrity checks every night
- Logical database integrity checks every week
- Update database statistics every night
- Reorganize fragmented database indexes every night
disaster recovery and data security
- Our Disaster Recovery (DR) plan relies on infrastructure-as-code automated deployment, so environments are rebuilt from versioned templates rather than by hand
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO) within 4 hours
- Daily Elastic Block Store (EBS) snapshots archived to Amazon Simple Storage Service (S3)
- Encryption at rest and in transit
- Weekly Amazon Machine Images (AMI) are archived to S3
- Single tenant databases per customer
- Encrypted full database backups are taken daily and transferred to an encrypted S3 bucket
- Encrypted transaction log database backups are taken and transferred to S3 every 15 minutes
- Web data is synchronized throughout the day to secondary secure data storage in S3
- Network traffic isolation
- Each function is isolated in its own subnet
- Traffic that does not match an explicitly allowed rule is rejected by firewall rules (default deny)
- Customer traffic is managed separately from administrative traffic
- Network Access Control Lists (NACL) are used in conjunction with security groups
- Virtual Private Network (VPN) configured for support and maintenance access
security & prevention
- Cross-Site Scripting (XSS) Protection
- Encrypted UserIDs in HTTP Requests (POST)
- Buffer and Integer Overflow Protection
- Ability to disable Form Caching (optional)
  - Prevents attackers from accessing cached form field values
  - Blocks multiple Users sharing a workstation from seeing cached form field values entered by other Users
- Secure Client-Side Cookies
- Clickjacking Prevention and Security Measures (optional)
- Built-in SQL Injection Prevention
- Cross-Site Request Forgery (CSRF) Security Measures (optional)
multiple encryption options
- Database Encryption provided through SQL Server's Data Encryption capabilities
- Supports SSL/TLS to encrypt network traffic
- Database Connection String Encryption via DPAPI (Data Protection Application Programming Interface), a cryptographic API built into Microsoft Windows. DPAPI-protected values can be decrypted only on the machine (or by the user account) that protected them, so an encrypted web.config cannot simply be copied to another server.
responsible development practices
- Security auditing via network and application penetration testing
- Vulnerability analysis and application scanning
- Code assessment via analysis tools and peer reviews
- Agile workflows for quick identification and resolution of vulnerabilities
- Regular updates released, ensuring customers have the latest application and security innovations
user access control & segmentation
- Roles and permissions – More than 55 permissions focused on access control
- Configuration options to segment access and visibility via Organizations, Departments, or Groups
- Private data fields accessible only by permission
- Issue Audit logging
- Restricted Searching and Reporting capabilities
- Customizable Password Policy
- Password Self Service
- Configurable Password Complexity
- Application user account passwords are stored using PBKDF2, the NIST-recommended key-derivation function, with an iteration count that exceeds current recommended minimums and that is raised automatically as time progresses.
- For each new password stored, a new, cryptographically random 64-byte salt is generated and supplied to the function along with the plaintext password.
- The pseudorandom function inside PBKDF2 is HMAC with SHA-512.
- Password hashes are retained only as long as the site administrator has configured, and plaintext passwords are never sent to the database.
- Passwords for connecting to external servers (such as mail servers and Active Directory servers) are encrypted with AES-256 in CTR mode and authenticated with HMAC-SHA-384 (CTR mode provides confidentiality only, so the HMAC tag supplies the integrity check).
- Keys are generated as cryptographically random 32-byte values.
- During use, these keys are stored as DPAPI-encrypted nodes within the ASP.NET website's web.config file.
- All encryption libraries used are professionally audited.
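The password-storage scheme in the list above (PBKDF2 over HMAC-SHA-512, a fresh 64-byte salt per password, an iteration count that is raised over time), as an added example in Python. This is illustrative code written for this page, not Issuetrak's implementation; the record format, the function names and the iteration counts are assumptions, while the 64-byte salt and SHA-512 come from the page. What it shows that the list does not: storing the iteration count beside the hash is what lets the count "increase automatically", because a record made with an older, lower count can be re-hashed at the next successful login, the only moment the plaintext is available.

```python
"""Password storage of the kind described above: PBKDF2 with HMAC-SHA-512,
a fresh 64-byte random salt per password, and the iteration count stored
with the hash so it can be raised over time.  Records below the current
target are re-hashed at the next successful login.
Added example, standard library only; not Issuetrak's code.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets

# Assumed policy values (not stated on the page): the target iteration count
# that an operator raises as hardware gets faster.
CURRENT_ITERATIONS = 600_000
SALT_BYTES = 64   # the page states a 64-byte salt per stored password
DKLEN = 64        # full SHA-512 output length


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha512$<iterations>$<salt>$<key>."""
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    salt = secrets.token_bytes(SALT_BYTES)   # new salt for every password stored
    key = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return "$".join(("pbkdf2_sha512", str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(key).decode("ascii")))


def _parse(record: str) -> tuple[int, bytes, bytes]:
    scheme, iterations, salt_b64, key_b64 = record.split("$")
    if scheme != "pbkdf2_sha512":
        raise ValueError("unsupported record scheme")
    return int(iterations), base64.b64decode(salt_b64), base64.b64decode(key_b64)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the record's own salt and count; compare in constant time."""
    iterations, salt, expected = _parse(record)
    key = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, dklen=len(expected))
    return hmac.compare_digest(key, expected)


def needs_upgrade(record: str, target: int = CURRENT_ITERATIONS) -> bool:
    """True when the record was produced with fewer iterations than now required."""
    return _parse(record)[0] < target


def login(password: str, record: str, target: int = CURRENT_ITERATIONS) -> tuple[bool, str]:
    """Verify the password; on success return the record the caller should store,
    which is a fresh one at the target count if the old record was below it."""
    if not verify_password(password, record):
        return False, record
    if needs_upgrade(record, target):
        return True, hash_password(password, target)
    return True, record


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple", iterations=100_000)  # an old record
    ok, stored = login("correct horse battery staple", stored)                # upgraded to CURRENT_ITERATIONS
    print(ok, stored.split("$")[1])
```

A failed login never touches the record, so an attacker cannot use the upgrade path to learn anything; a successful login with an old record returns a new one that the application stores in place of the old, and the next login at the same target leaves it unchanged.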
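The construction named above for external-server passwords (AES-256 in CTR mode with HMAC-SHA-384 and 32-byte random keys), as an added example in Python using the `cryptography` package. Again this is illustrative code for this page, not Issuetrak's; the blob layout, the function names and the context string are assumptions, and the keys are plain in-memory values where the page keeps them DPAPI-protected in web.config. It demonstrates why the HMAC matters: CTR mode alone is malleable, so the tag is verified before any decryption and a single flipped ciphertext bit is rejected rather than silently yielding a corrupted password.

```python
"""Protecting stored integration credentials (mail-server or AD bind passwords)
with AES-256 in CTR mode for confidentiality and HMAC-SHA-384 for integrity.
CTR mode detects nothing on its own, so the tag is checked before any
decryption (encrypt-then-MAC).  Added example using the `cryptography`
package; not Issuetrak's code.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

KEY_BYTES = 32      # page: keys are cryptographically random 32-byte values
NONCE_BYTES = 16    # AES block size; the CTR counter block
TAG_BYTES = 48      # SHA-384 output length


def generate_keys() -> tuple[bytes, bytes]:
    """Independent keys for encryption and for authentication."""
    return secrets.token_bytes(KEY_BYTES), secrets.token_bytes(KEY_BYTES)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, context: bytes = b"") -> bytes:
    """Return nonce || ciphertext || tag.  The tag covers the nonce, the
    ciphertext and a caller-supplied context (e.g. the setting name), so a
    blob cannot be replayed into a different setting."""
    nonce = secrets.token_bytes(NONCE_BYTES)  # fresh per encryption; nonce reuse in CTR leaks plaintext XORs
    enc = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).encryptor()
    ciphertext = enc.update(plaintext) + enc.finalize()
    tag = hmac.new(mac_key, context + nonce + ciphertext, hashlib.sha384).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes, context: bytes = b"") -> bytes:
    """Verify the tag in constant time, then decrypt; raise on any mismatch."""
    if len(blob) < NONCE_BYTES + TAG_BYTES:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_BYTES], blob[NONCE_BYTES:-TAG_BYTES], blob[-TAG_BYTES:]
    expected = hmac.new(mac_key, context + nonce + ciphertext, hashlib.sha384).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed; refusing to decrypt")
    dec = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).decryptor()
    return dec.update(ciphertext) + dec.finalize()


def tamper_is_detected(enc_key: bytes, mac_key: bytes, blob: bytes, context: bytes = b"") -> bool:
    """Flip one bit of the first ciphertext byte.  Without the MAC, CTR would
    decrypt it to the plaintext with that same bit flipped and nobody would notice."""
    damaged = bytearray(blob)
    damaged[NONCE_BYTES] ^= 0x01
    try:
        open_sealed(enc_key, mac_key, bytes(damaged), context)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ek, mk = generate_keys()
    blob = seal(ek, mk, b"smtp-bind-password", b"MailServer")   # constructed sample secret
    print(open_sealed(ek, mk, blob, b"MailServer"), tamper_is_detected(ek, mk, blob, b"MailServer"))
```

Two details carry most of the security: separate keys for AES and HMAC, and a constant-time tag comparison before the decryptor is ever instantiated. The context argument is optional but cheap, and it stops a valid blob for one setting from being swapped into another.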
active directory user authentication
- Encrypt all data exchanged between your Active Directory (AD) and Issuetrak servers using the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) option.
- Requires a valid LDAP over SSL (LDAPS) certificate installed on your Domain Controller (DC)
- Requires DNS and port settings configured within your network (LDAPS listens on TCP 636 by default, 3269 for the Global Catalog)
- Requires AD module and AD server settings configured within Issuetrak site (supports multiple domains)
- Compatible with Common Access Cards (CAC) and Smart Cards to control Issuetrak User access and information
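A pre-flight check for the LDAPS requirements above, as an added Python example that is not Issuetrak's tooling. It assumes placeholder host names such as dc1.corp.example and a 30-day renewal warning window; the port numbers are the LDAPS defaults. check_dc_cert evaluates a certificate against what the configuration items require (the DC's FQDN present in the subject alternative names, validity dates current) over the dictionary form that Python's ssl module returns, and ldaps_handshake performs the live TLS handshake against the DC using the local trust store, which is the same chain and hostname validation an LDAPS client performs.

```python
"""Pre-flight check for the LDAPS requirement above.  Before enabling the
SSL/TLS option, the domain controller must present a certificate that the
Issuetrak server trusts, that names the DC's FQDN, and that is not expired.
`ldaps_handshake` does the live check on TCP 636; `check_dc_cert` is the
offline policy check over the dict that ssl.SSLSocket.getpeercert() returns.
Added example, standard library only, not Issuetrak's tooling; host names are placeholders.
"""
from __future__ import annotations

import socket
import ssl
import time

LDAPS_PORT = 636             # 3269 for the Global Catalog over TLS
RENEWAL_WINDOW = 30 * 86400  # warn when fewer than 30 days remain (assumed policy)


def _san_dns_names(cert: dict) -> list[str]:
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def _name_matches(pattern: str, host: str) -> bool:
    """Exact match, or one wildcard covering exactly the leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith("*."):
        labels = host.split(".", 1)
        return len(labels) == 2 and labels[1] == pattern[2:]
    return False


def check_dc_cert(cert: dict, dc_fqdn: str, now: float | None = None) -> list[str]:
    """Return the list of problems found; an empty list means the certificate passes."""
    now = time.time() if now is None else now
    problems: list[str] = []
    names = _san_dns_names(cert)
    if not names:
        problems.append("no DNS names in subjectAltName")
    elif not any(_name_matches(n, dc_fqdn) for n in names):
        problems.append(f"{dc_fqdn} is not covered by subjectAltName {names}")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("certificate is not yet valid")
    if now >= not_after:
        problems.append("certificate has expired")
    elif not_after - now < RENEWAL_WINDOW:
        problems.append("certificate expires within 30 days")
    return problems


def ldaps_handshake(dc_fqdn: str, port: int = LDAPS_PORT, timeout: float = 5.0) -> list[str]:
    """Live check: TLS handshake with chain and hostname verification against the
    local trust store, then the policy check on the presented certificate."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True by default
    try:
        with socket.create_connection((dc_fqdn, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=dc_fqdn) as tls:
                return check_dc_cert(tls.getpeercert(), dc_fqdn)
    except ssl.SSLCertVerificationError as exc:
        return [f"chain or hostname verification failed: {exc.verify_message}"]
    except (OSError, ssl.SSLError) as exc:
        return [f"could not complete LDAPS handshake: {exc}"]


# Constructed sample in the shape getpeercert() returns; not a real DC certificate.
SAMPLE_DC_CERT = {
    "subject": ((("commonName", "dc1.corp.example"),),),
    "issuer": ((("commonName", "Corp Issuing CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "dc1.corp.example"), ("DNS", "corp.example")),
}

if __name__ == "__main__":
    # Offline check against the constructed sample as of 2025-01-01 UTC.
    print(check_dc_cert(SAMPLE_DC_CERT, "dc1.corp.example", now=1735689600.0))
```

Run ldaps_handshake from the Issuetrak web server itself, because a certificate from an internal CA passes only if that CA is in the trust store of the machine doing the check. Two things the handshake cannot see, which a DC also needs before it will serve LDAPS at all, are that the certificate sits in the DC's Local Computer store with its private key and that it carries the Server Authentication enhanced key usage.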
Reporting security questions or concerns
Issuetrak aims to keep its product and services safe for everyone, and data security is our utmost priority. If you are a security researcher and have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.
We ask that you keep your findings confidential and do not share or publicize any unresolved vulnerabilities with third parties. If you submit a vulnerability report, the Issuetrak security team and associated development teams will use reasonable efforts to:
- Respond in a timely manner, acknowledging receipt of your vulnerability report
- Investigate the reported issue and provide feedback
- Seek your guidance in identifying or replicating the reported issue
- Let you know when the vulnerability you've identified has been fixed
Please contact us at firstname.lastname@example.org with any relevant information so we can investigate security issues immediately.