issuetrak security

We understand how important security and reliability are when it comes to keeping your business operations safe and always running. That’s why Issuetrak is loaded with built-in security measures that address a variety of vulnerabilities common to web-based applications.

cloud reliability + infrastructure

Reliability and security are important aspects of any successful business. As a business partner, we value the data and security of our customers. We leverage world-class hosting facilities provided by Amazon Web Services to deliver the best possible web experience to our customers.

physical security

  • Physical access is routinely audited
  • Authorized employees must pass two-factor authentication at least twice before being granted access to data center floors
  • Around-the-clock interior and exterior surveillance
  • Intrusion detection systems
  • Unmarked facilities to help maintain a low profile
  • Physical security audited by an independent firm

environment continuity

  • Data centers are fed power via different grids from independent utilities
  • N+1 redundant UPS power subsystem with on-site generators
  • N+1 redundant HVAC system
  • Advanced fire suppression systems
  • Multiple network paths with multiple service providers
  • Regularly exceeds 99.96% uptime

system security and monitoring

  • Website, ping, and port monitoring
  • Server vital statistics monitoring (CPU, memory, disk, network)
  • SQL Server Severity alerts
  • Windows Event Viewer alerts
  • System Auditing
  • Secure Sockets Layer (SSL) encryption enforced on all sites
  • Monitoring/security information restricted to limited authorized personnel
  • Server event auditing

data maintenance

  • Physical database integrity checks every night
  • Logical database integrity checks every week
  • Update database statistics every night
  • Reorganize fragmented database indexes every night

disaster recovery and data security

  • Our Disaster Recovery (DR) plan relies on automated infrastructure-as-code deployment
  • Recovery Time Objective (RTO) and Recovery Point Objective (RPO) within 4 hours
  • Daily Elastic Block Storage (EBS) snapshots archived to Amazon Simple Storage Service (S3)
  • Encryption at rest and transport
  • Weekly Amazon Machine Images (AMI) are archived to S3
  • Single tenant databases per customer
  • Encrypted full database backups are taken daily and transferred to an encrypted S3 bucket
  • Encrypted transaction log database backups are taken and transferred to S3 every 15 minutes
  • Web data is synchronized throughout the day to secondary secure data storage in S3

network security

  • Network traffic isolation
    • Each function is isolated to a different subnet
    • Nonconformant network traffic is rejected by firewall rules
    • Customer traffic is managed separately from administrative traffic
  • Network Access Control Lists (NACL) are used in conjunction with security groups
  • Virtual Private Network (VPN) configured for support and maintenance access

issuetrak security

Issuetrak is loaded with built-in security measures that address a variety of vulnerabilities common to web-based applications. These built-in precautions are virtually invisible to your Users and have no impact on the User experience.

security & prevention

  • Cross-Site Scripting (XSS) Protection
  • Encrypted UserIDs in HTTP Requests (POST)
  • Buffer (Integer) Overflow Protection
  • Ability to disable Form Caching (optional)
    • Prevents hackers from accessing cached form field values
    • Blocks multiple Users sharing a workstation from seeing cached form field values entered by other Users
  • Secure Client Side Cookies
  • Click-jacking Prevention and Security Measures (optional)
  • Built in SQL Injection Prevention
  • Cross-Site Request Forgery (CSRF) Security Measures (optional)

multiple encryption options

  • Database Encryption provided through the SQL Server’s Data Encryption capabilities
  • Supports SSL/TLS to encrypt network traffic
  • Database Connection String Encryption via DPAPI (Data Protection Application Programming Interface), a cryptographic API built into Microsoft Windows operating systems

responsible development practices

  • Security auditing via network and application penetration testing
  • Vulnerability analysis and application scanning
  • Code assessment via analysis tools and peer reviews
  • Agile workflows for quick identification and resolution of vulnerabilities
  • Regular updates released, delivering the latest application and security improvements to customers

active directory user authentication

  • Encrypt all data exchanged between your Active Directory (AD) and Issuetrak servers using the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) option.
    • Requires valid LDAP over SSL (LDAPS) certificate installed on your Domain Controller (DC)
    • Requires DNS and port settings configured within your network
    • Requires AD module and AD server settings configured within Issuetrak site (supports multiple domains)
  • Compatible with Common Access Cards (CAC) and Smart Cards to control Issuetrak User access and information

user access control & segmentation

  • Roles and permissions – More than 55 permissions focused on access control
  • Configuration options to segment access and visibility via Organizations, Departments, or Groups
  • Private data fields accessible only by permission
  • Issue Audit logging
  • Restricted Searching and Reporting capabilities
  • Customizable Password Policy
    • Password Self Service
    • Configurable Password Complexity
  • Application user account passwords are secured with the NIST-recommended PBKDF2 function, with an iteration count that exceeds current recommended standards and continues to increase automatically as time progresses.
    • For each new password stored, a new, cryptographically random 64-byte salt is generated and supplied to the function along with the plaintext password.
    • The hash used in the function is SHA-512.
    • Password hashes are retained only as long as the site administrator has configured, and plaintext passwords are never sent to the database.
  • Passwords for connecting to external servers (such as mail servers and Active Directory servers) are encrypted with AES-256 in CTR mode and authenticated with HMAC using the SHA-384 algorithm.
    • Keys are generated as cryptographically random 32-byte values.
    • During use, these keys are stored as DPAPI-encrypted nodes within the ASP.NET website’s “web.config” file.
  • All encryption libraries used are professionally audited.
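The password-storage scheme described above (PBKDF2 with SHA-512, a fresh 64-byte random salt per password, and an iteration count that rises over time) can be illustrated with the following Python, which is an added example and not Issuetrak's own code. The iteration baseline, growth rate and stored-record format are constructed assumptions for illustration; the point is that the iteration count is stored alongside the hash so a stale hash can be upgraded transparently at the next successful login.

```python
import hashlib
import hmac
import os
from datetime import date

# Assumed schedule (not Issuetrak's real values): the iteration floor rises
# 25% per calendar year from a constructed 2023 baseline.
BASE_ITERATIONS = 210_000
BASE_YEAR = 2023
ANNUAL_GROWTH = 1.25

def target_iterations(year=None):
    """Iteration count a password stored in `year` should use."""
    year = year or date.today().year
    return int(BASE_ITERATIONS * ANNUAL_GROWTH ** max(0, year - BASE_YEAR))

def hash_password(password, iterations=None):
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex."""
    iterations = iterations or target_iterations()
    salt = os.urandom(64)  # new cryptographically random 64-byte salt per password
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha512":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))

def needs_rehash(stored, year=None):
    """True when the record's iteration count is below the current target."""
    return int(stored.split("$")[1]) < target_iterations(year)

def login(password, stored, year=None):
    """Verify the password; on success return the record to persist, which is
    an upgraded hash if the stored one has fallen behind the target."""
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, year):
        return True, hash_password(password, target_iterations(year))
    return True, stored
```

The plaintext never reaches storage: only the record returned by `hash_password` (or the upgraded one from `login`) is written to the database.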
