Cloud monitoring security
Uptrends Infra has been built with maximum security in mind, because we realize how important the confidentiality of your data is. We appreciate that our customers need to understand how we are maintaining a secure monitoring platform, before they entrust us with sensitive information. This document describes the security features that are incorporated into the heart of the product.
The Uptrends Infra web application uses the Secure Socket Layer (SSL) protocol to encrypt all data between the client (your browser) and the server. The UptrendsInfra.com domain uses an extended validation certificate with a safe keysize of 2048 bits. You can verify this by checking that your browser uses the https:// prefix when you are signing up or logging into your account. In the event that someone is trying to intercept your traffic to our cloud environment, they can only see encrypted information.
The passwords you are using to access our application are one-way encrypted and stored securely in our database. One-way encryption means that it is impossible for anyone to decrypt your password using the information in our database. Only you know your password - even we can't use the information in any way. That being said, we do encourage you to choose a strong and unique account password that you aren't already using somewhere else.
Agent and Collector service
The agent collects information from within your private network (LAN or WAN) and pushes that information to the Uptrends Infra collector service that resides in our secure cloud environment. We have taken various measures to ensure maximum security:
- Outbound communication from the agent to the collector
The Uptrends Infra agent that runs on a server in your network always initiates communication to the outside. This process exclusively uses outbound traffic: all data is pushed out to our collector service. This means that you only need to provide outbound access to port 443, which is the default port for (secure) HTTPS traffic. The agent does not need to be accessed from outside your network, so we advise you to deny any inbound traffic on your firewall.
- Encrypted communication
The Uptrends Infra agent uses SSL and encrypts all the collected data before it is pushed to the collector service.
- RSA (private/public key) encryption of credentials
Any credentials you specify for giving the agent access to your devices are immediately encrypted using the private/public key RSA method. For each Uptrends Infra agent you install, a unique pair of private and public keys is generated. We use the public key to encrypt your credentials, but we cannot decrypt them: this is only possible using the private key.
This private key never leaves your server, which means that only the agent on that server can use the encrypted information. Accessing encrypted information without the private key is not possible within a reasonable time period, using any of the currently known methods.
- High security option
When you prefer not to use the RSA (private/public key) method for encrypting and storing credentials in our environment, you can choose to specify the credentials on the agent server itself. This method stores the credentials on your server, which means they will never have to leave your network environment. This is in essence the most secure option, but it does require more work to manage the credentials for your devices.