At Site24x7, customer security is of utmost importance and something that we take very seriously. Before any new feature is released, the standard protocol is to apply security best practices to the feature from all angles. Only after we receive clearance from every security level, with no vulnerabilities, does the feature proceed to a GA release for customers.
The following are the security measures we have taken for the Live Terminal feature:
1. The feature can only be accessed by the Super Admin and Admin user roles in Site24x7.
2. If a user does not want to use this feature, it can simply be disabled in the account by navigating to Admin -> Server Monitor -> Settings -> Disable Live Terminal (Removed now).
3. Only one Live Terminal connection is allowed per Server Monitor.
4. If a session stays idle for more than 2 minutes, it will be timed out and closed automatically. This applies to a continuous command as well.
5. Agent-level security: Commands entered in Live Terminal are passed to the agent. The agent in turn executes the commands as the user 'site24x7-agent' present on the server. Commands are executed only within the scope of the 'site24x7-agent' user.
We are also evaluating additional security levels for connecting to Live Terminal, such as enabling OTP, verifying the Site24x7 account password, etc.
Site24x7's Web Client and its Data Center Security:
Site24x7's web client security framework is aligned with ISO 27001:2013 and OWASP standards to ensure no security risks like cross-site scripting and security misconfigurations occur.
As for our data centers, they are hosted in some of the most secure facilities that are well protected from physical and logical attacks as well as natural disasters.
1. The data centers are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
2. Each data center is monitored 7x24x365 with night vision cameras.
3. Biometric and two-factor authentication must be used to enter the data center.
4. Zoho servers are located inside generic-looking, undisclosed locations and guarded safely inside bullet-resistant walls.
To read about our network security and other best practices for managing security and data protection risk, refer to our security document.
To know more about Site24x7 Security Practices, Policies & Infrastructure.
For any further queries, please reply to the post.