Operational Security & Maintenance
Does PrivX provide logging capabilities, and will log syntax documentation, including instructions on good practices for monitoring, be provided?
Yes, information such as log syntax documentation and instructions on good practices for monitoring will be provided to ensure you are capturing the appropriate data for event generation.
Will my critical data be encrypted both in transit and at rest?
Yes, all critical or sensitive data that is processed/generated by PrivX is encrypted during transit and at rest.
Is it possible to back up the configuration data and easily restore it when required?
Yes, the solution supports backup of configuration data and a simple restore procedure.
Will software patches and updates be made available?
Yes, the solution is maintained with regular updates, provided as major and minor version releases.
Does PrivX support reporting of system health and maintenance information?
Yes, reporting of system health and maintenance information is supported via the UI and event logs.
How does PrivX uphold the integrity of, and control access to, log and audit files?
A number of methods are employed to ensure the integrity of, and secure access to, audit logs, session recordings and other data deemed critical or sensitive, for example encryption and restricting access to and visibility of data such as session recordings to within PrivX only.
What are the best practices for publishing PrivX to users over the Internet?
Best practices or rules are similar to those that apply to any externally facing web application holding/providing access to critical or sensitive data:
Deploy PrivX behind a Web Application Firewall (WAF) or a similar layer 7 defence mechanism that can monitor and limit traffic to mitigate the risk of DoS/DDoS attacks. PrivX has built-in functionality to throttle login attempts; however, a WAF is recommended to ensure such attacks are detected and their packets dropped before they reach the application.
In addition, deploy PrivX behind a load balancer which terminates TLS for end users.
For native clients and bastioned access, it is recommended to limit access based on source IP addresses or network segments.
Enable Multi-Factor Authentication (MFA) for all users, or at a minimum for those who log in to PrivX from remote locations or over the Internet.
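As an added illustration of the first three practices above (an example written for this page, not a configuration shipped with PrivX), the nginx fragment below places a TLS-terminating reverse proxy with layer 7 login throttling in front of the web UI and restricts the native-client bastion port to trusted source networks. The backend address 10.0.0.10, the ports, the login path, the hostname and the certificate paths are all assumed placeholders to be replaced with the values from your own deployment and the PrivX documentation.

```nginx
# Added example only: reverse proxy / load balancer in front of PrivX.
# Assumed values (not from the page): PrivX web UI at 10.0.0.10:443,
# bastion SSH service at 10.0.0.10:2222, placeholder hostname and cert paths.

http {
    # Layer 7 login throttling: at most 5 requests per minute per client IP
    # to the login path; excess requests are rejected here, before they reach
    # PrivX. PrivX throttles login attempts itself; this adds defence in depth.
    limit_req_zone $binary_remote_addr zone=privx_login:10m rate=5r/m;

    server {
        listen 443 ssl;
        server_name privx.example.com;            # placeholder hostname

        # TLS is terminated for end users at this layer.
        ssl_certificate     /etc/ssl/PLACEHOLDER/fullchain.pem;
        ssl_certificate_key /etc/ssl/PLACEHOLDER/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # The login path below is an assumed placeholder; use the real one.
        location /auth/ {
            limit_req zone=privx_login burst=10 nodelay;
            proxy_pass https://10.0.0.10:443;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location / {
            proxy_pass https://10.0.0.10:443;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

# Native clients and bastioned access: plain TCP pass-through that is only
# reachable from trusted source networks rather than the whole Internet.
stream {
    server {
        listen 2222;
        allow 203.0.113.0/24;   # example corporate egress range (RFC 5737 documentation block)
        deny  all;
        proxy_pass 10.0.0.10:2222;
    }
}
```

The `http` and `stream` contexts are both top-level in nginx.conf; the WAF and MFA recommendations are not covered by this fragment and sit in front of or behind it respectively.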