Forums & Knowledge Base/How to use Soluto?/Frequently Asked Questions

How secure is Soluto?

Maya Shoval
posted this on December 13, 2011 02:56 AM

  • Soluto’s web servers are encrypted via an SSL certificate. SSL (or Secure Sockets Layer) is a cryptographic protocol that provides communication security over the internet, message encryption and integrity so that communication between Soluto’s software and servers will be protected from eavesdropping and other malicious attacks.
    SSL also provides authentication in the form of server certificates using the latest cryptographic algorithms.
    Soluto’s website identity is verified by VeriSign Class 3 International Server CA-G3 certificate.
     
  • Passwords are stored according to the highest accepted security standards – The only password token stored is a secure hash, produced with a salt value and multiple passes. Soluto never stores passwords as plaintext, as tokens encrypted with reversible encryption, or as simple hashes.
     
  • User Protection: Soluto is 100% safe and secure. Only you, and anyone you allow to provide you with help, can take pre-approved actions within Soluto. If someone else helps you with your PC using Soluto, you can always review and undo any changes in the Soluto software on your PC. If you wish to stop receiving someone’s help with your PC, you can end the relationship at any time using the Soluto software installed on your PC. No-one will ever be able to access any personal information stored on your PC, including your files, documents, desktop and browsing history. Soluto only provides access to anonymous details of your PCs technical performance to make it run better.

 

Comments

User photo
Nick

Thanks, I shall refer people to this if they are cautious about this kind of software. 

December 24, 2011 10:49 PM
User photo
Paul

Can you please expand on "SSL". Is it SSL? TLS 1.0? TLS 1.1? TLS 1.2? For those of us working in security it makes a difference. What info is kept on core servers? How is it protected? Is it on a cloud provider (EC2) or stand alone services? Is there an air gap?

January 21, 2012 09:22 AM
User photo
Shawn Eght

Paul its TLS 1.0

January 29, 2012 06:37 PM
User photo
Andrew

What about the data that is traveling to your server is that secure? I've been thinking about deleting soluto because thinking about it now it does have a lot of control over my pc and if that gets highjacked.....please tell me a lot more about the entire process

February 09, 2012 07:40 PM
User photo
Wade

Its good to know that no sensitive data is collected on clients workstation or that their personal info cannot be accessed. SO does the "agent" that the client uses instructs to collect system stats via Windows API with your engine....? 

Is it possible to elaborate on the situations above:

1. local workstation to server communication encrypted

2. implications of local or client workstation Soluto software being "hijacked" in any way (even due to system infection)

February 29, 2012 10:14 AM
User photo
Pand Rien

No system is 100 % Secure. It would be naive to think otherwise. It's not so naive to say that you are 100% Secure to reassure your customers.

Also what measures have you taken to prevent Social engineering attacks?

March 02, 2012 12:08 PM
User photo
Daniel Barry Jones

I hope it is under the data protection act .. http://www.legislation.gov.uk/ukpga/1998/29/contents

September 01, 2012 02:58 PM
User photo
Jim Jones

Two factor authentication?

March 12, 2014 04:05 PM
User photo
IT Xpress

Two factor auth would be a major win. With over 100 clients supported by Soluto, I would feel more secure knowing my main account required my phone (SMS or timecode/Google Authenticator)

March 14, 2014 01:25 AM
User photo
Jim Jones
Duo Mobile's push tfa is really nice! Much easier than typing the code every time.
March 14, 2014 12:11 PM